Last edited one year ago

How to check the CVE status in OpenSTLinux

This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.
Applicable for STM32MP13x lines, STM32MP15x lines


1. Overview[edit source]

This article explains how to configure an OpenSTLinux Yocto build to check the CVE (Common Vulnerabilities and Exposures) status.

2. OpenEmbedded/Yocto Project®[edit source]

OpenEmbedded/Yocto provides a class that permits to check the CVE status.
To enable a CVE status check, add the following to your configuration (conf/local.conf): 

INHERIT += "cve-check"

For more information about how to configure CVE check exclusions, see the section Vulnerability check at build time

The CVE check generates some CVE status by package in <build directory>/tmp-glibc/deploy/cve/ directory.

Example for tf-a-stm32mp: 

tf-a-stm32mp tf-a-stm32mp_cve.json

The two files contain the same information: as a text in the first one, and as a json in the second one.


Common Vulnerabilities and Exposures

The Linux Foundation® and Yocto Project® are registered trademarks of the Linux Foundation. Linux® is a registered trademark of Linux Torvalds

Common Vulnerabilities and Exposures

The Linux Foundation® and Yocto Project® are registered trademarks of the Linux Foundation. Linux® is a registered trademark of Linux Torvalds

Linux® is a registered trademark of Linus Torvalds.

Retrieved from "https://wiki.st.com/stm32mpu-ecosystem-v4/index.php?title=How_to_check_the_CVE_status_in_OpenSTLinux&oldid=92123"