1. Overview
This article explains how to configure an OpenSTLinux Yocto build to check the CVE (Common Vulnerabilities and Exposures) status.
2. OpenEmbedded/Yocto Project®
OpenEmbedded/Yocto provides a class, cve-check, that checks the CVE status of the packages in a build against the NVD database.
To enable a CVE status check, add the following to your configuration (conf/local.conf):
INHERIT += "cve-check"
For more information about how to configure CVE check exclusions, see the section Vulnerability check at build time.
The CVE check writes a per-package CVE status report into the <build directory>/tmp-glibc/deploy/cve/ directory.
Example for tf-a-stm32mp, which produces two files in that directory:
tf-a-stm32mp
tf-a-stm32mp_cve.json
The two files contain the same information: as plain text in the first one, and as JSON in the second one.
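The JSON file is the one to consume from scripts, for example to fail a CI job when a package still carries unpatched CVEs above a CVSS threshold. The following is an added example, not code from the OpenSTLinux page or from the Yocto project. It assumes the JSON layout written by the cve-check class (a top-level "package" list whose entries carry an "issue" list with "id", "status" and "scorev3" fields); the sample report embedded below is constructed for illustration, and its CVE identifiers and scores are placeholders, not real tf-a-stm32mp findings.

```python
import json
from collections import defaultdict

# Constructed sample in the layout assumed for <build dir>/tmp-glibc/deploy/cve/<pkg>_cve.json.
# CVE ids, scores and the second package are placeholders, not a real report.
SAMPLE_CVE_JSON = """
{
  "version": "1",
  "package": [
    {
      "name": "tf-a-stm32mp",
      "layer": "meta-st-stm32mp",
      "version": "vX.Y",
      "products": [{"product": "arm_trusted_firmware", "cvesInRecord": "Yes"}],
      "issue": [
        {"id": "CVE-0000-0001", "summary": "constructed", "scorev2": "0.0",
         "scorev3": "7.5", "vector": "NETWORK", "status": "Unpatched",
         "link": "https://nvd.nist.gov/vuln/detail/CVE-0000-0001"},
        {"id": "CVE-0000-0002", "summary": "constructed", "scorev2": "0.0",
         "scorev3": "5.3", "vector": "LOCAL", "status": "Patched",
         "link": "https://nvd.nist.gov/vuln/detail/CVE-0000-0002"},
        {"id": "CVE-0000-0003", "summary": "constructed", "scorev2": "0.0",
         "scorev3": "", "vector": "", "status": "Ignored",
         "link": "https://nvd.nist.gov/vuln/detail/CVE-0000-0003"}
      ]
    },
    {
      "name": "example-pkg",
      "layer": "meta-example",
      "version": "1.0",
      "products": [{"product": "example", "cvesInRecord": "Yes"}],
      "issue": [
        {"id": "CVE-0000-0004", "summary": "constructed", "scorev2": "0.0",
         "scorev3": "9.8", "vector": "NETWORK", "status": "Unpatched",
         "link": "https://nvd.nist.gov/vuln/detail/CVE-0000-0004"}
      ]
    }
  ]
}
"""


def load_report(text):
    """Parse one cve-check JSON report (the *_cve.json file) into a dict."""
    return json.loads(text)


def _score(issue):
    """CVSSv3 score as a float; cve-check leaves it empty or '0.0' when unknown."""
    raw = issue.get("scorev3") or "0"
    try:
        return float(raw)
    except ValueError:
        return 0.0


def count_by_status(report):
    """Count issues per status string (Unpatched / Patched / Ignored) across all packages."""
    counts = defaultdict(int)
    for pkg in report.get("package", []):
        for issue in pkg.get("issue", []):
            counts[issue.get("status", "Unknown")] += 1
    return dict(counts)


def summarize(report, min_score=0.0):
    """Map package name -> list of (cve_id, scorev3) for Unpatched issues at or
    above min_score, highest score first. Packages with nothing to report are omitted."""
    result = {}
    for pkg in report.get("package", []):
        hits = [(i["id"], _score(i)) for i in pkg.get("issue", [])
                if i.get("status") == "Unpatched" and _score(i) >= min_score]
        if hits:
            result[pkg["name"]] = sorted(hits, key=lambda h: (-h[1], h[0]))
    return result


def gate(report, max_allowed_score=7.0):
    """CI-style gate: False when any unpatched CVE scores above the threshold."""
    return not summarize(report, min_score=max_allowed_score + 1e-9)


if __name__ == "__main__":
    rep = load_report(SAMPLE_CVE_JSON)
    print("status counts:", count_by_status(rep))
    for name, hits in summarize(rep).items():
        for cve_id, score in hits:
            print(f"{name:20} {cve_id:16} CVSSv3 {score:4.1f} Unpatched")
    print("gate passed:", gate(rep))
```

In a real build the same functions can be run over every *_cve.json file in deploy/cve/ (or the aggregated report, when the cve-check class is configured to write one) and the result used to block a release when gate() returns False.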