qemu: ignore CVE-2025-54566 and CVE-2025-54567

These CVEs are not applicable to version 6.2.x as the vulnerable code was introduced inly in 10.0.0. Debian made the analysis, reuse their work. * https://security-tracker.debian.org/tracker/CVE-2025-54566 * https://security-tracker.debian.org/tracker/CVE-2025-54567 (From OE-Core rev: 616e6c793bd025337aa8b66450408829fdfe59d5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-29 21:08:42 +01:00 · 2025-12-31 22:58:51 +01:00
parent b06df1f496
commit 15ea9a3dcb
1 changed files with 3 additions and 0 deletions
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -169,6 +169,9 @@ CVE_CHECK_IGNORE += "CVE-2023-1386"
 # virtio-snd was implemented in 8.2.0, so version 6.2.0 is not yet affected
 CVE_CHECK_IGNORE += "CVE-2024-7730"

+# These issues were introduced in v10.0.0-rc0
+CVE_CHECK_IGNORE += "CVE-2025-54566 CVE-2025-54567"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"