CVE Status

From Yocto Project
Revision as of 21:48, 24 August 2023 by RossBurton (talk | contribs)

This is a list of CVEs which are currently being reported as open, and the current state.

CVE-2022-3219 (gnupg)

Hypothetical DoS. A patch was proposed but hasn't been reviewed or merged.

CVE-2022-33065 (libsndfile1)

Integer overflow, still open upstream.

CVE-2022-46456 (nasm)

Buffer overflow, still open upstream.

CVE-2023-0687 (glibc)

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.
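The glibc entry above is a data problem rather than a code problem: whether a CVE is reported against a package depends on the NVD CPE applicability ranges (versionStartIncluding, versionEndExcluding and friends), and an unbounded wildcard CPE keeps matching every version, including the one that carries the fix. The following is an added example, not code from the Yocto Project or from cve-check, that evaluates NVD-style cpeMatch entries against a package version. Both configuration fragments are constructed to illustrate the layout and are not the real NVD record for CVE-2023-0687; the version comparison is a simplified numeric tuple compare, which is enough for glibc-style versions.

```python
"""Evaluate NVD-style CPE applicability ranges against a package version.

Added example for the Yocto CVE status page; not the project's own code.
The two records below are constructed for illustration only and are not
the actual NVD data for CVE-2023-0687.
"""
import re
from typing import Iterable


def version_tuple(version: str) -> tuple:
    """Split '2.38' or '2.38.1' into a comparable tuple of ints.

    Simplified: non-numeric components (e.g. 'rc1') compare as 0.
    """
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))


def cpe_match_applies(match: dict, version: str) -> bool:
    """Return True if one cpeMatch entry covers `version`.

    Mirrors the NVD JSON fields: a concrete version in the CPE name is an
    exact match; a '*' version is constrained only by the optional
    versionStart*/versionEnd* bounds. No bounds at all means 'every version'.
    """
    if not match.get("vulnerable", True):
        return False
    v = version_tuple(version)
    # cpe:2.3:<part>:<vendor>:<product>:<version>:... -> index 5 is the version
    cpe_version = match["criteria"].split(":")[5]
    if cpe_version not in ("*", "-"):
        return version_tuple(cpe_version) == v
    if "versionStartIncluding" in match and v < version_tuple(match["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in match and v <= version_tuple(match["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in match and v > version_tuple(match["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in match and v >= version_tuple(match["versionEndExcluding"]):
        return False
    return True


def cve_applies(cpe_matches: Iterable[dict], product: str, version: str) -> bool:
    """True if any vulnerable cpeMatch for `product` covers `version`."""
    for match in cpe_matches:
        if match["criteria"].split(":")[4] != product:
            continue
        if cpe_match_applies(match, version):
            return True
    return False


# Constructed: an unbounded wildcard CPE, the shape of a "bad CPE" record.
BAD_RECORD = [
    {"vulnerable": True, "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*"},
]

# Constructed: the same product with the fix version recorded as an
# exclusive upper bound, which is what "fixed in 2.38" should look like.
FIXED_RECORD = [
    {
        "vulnerable": True,
        "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
        "versionEndExcluding": "2.38",
    },
]


if __name__ == "__main__":
    for label, record in (("unbounded", BAD_RECORD), ("end-excluding 2.38", FIXED_RECORD)):
        for ver in ("2.37", "2.38", "2.38.1"):
            print(f"{label:20s} glibc {ver:7s} -> {cve_applies(record, 'glibc', ver)}")
```

The unbounded record reports glibc 2.38 as vulnerable, which is exactly the false positive the entry above describes; once the NVD record carries versionEndExcluding 2.38, the same scanner logic drops it while still flagging 2.37.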

CVE-2023-37769 (pixman)

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. This ticket has the details.


qemu

Upgrading to 8.1.0 will solve the ones which have merged fixes.

CVE-2023-1386. https://github.com/v9fs/linux/issues/29

CVE-2023-3019. Patches sent but not merged, need to be rebased.

CVE-2023-3180. Patch at https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980.

CVE-2023-3354. Patch at https://lore.kernel.org/qemu-devel/20230801174650.177924-2-berrange@redhat.com/.

CVE-2023-40360. Patch at https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98.

CVE-2023-4135. Patch at https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.

linux

TODO