alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-11-26 20:53:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

change: exclude CVEs that do not impact ESP-IDF components

Browse Source 
cJSON:    CVE-2024-31755 - Resolved in cJSON v1.7.18
FreeRTOS: CVE-2024-28115 - Affects only ARMv7-M MPU ports, and ARMv8-M ports

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
This commit is contained in:
Frantisek Hrbata
2024-08-01 12:24:47 +02:00
parent 6892f1a08d
commit efa758c6a3
2 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/freertos/FreeRTOS-Kernel/sbom.yml
View File

@@ -7,3 +7,5 @@ description: An open-source, real-time operating system (RTOS) with additional f
cve-exclude-list:
- cve: CVE-2021-43997
reason: This vulnerability only affects ARMv7-M and ARMv8-M ports of FreeRTOS and hence does not affect Espressif SoCs which are not based on these architectures.
- cve: CVE-2024-28115
reason: Affects only ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled