2025-08-28, Studio 1
Since the Linux kernel became a CVE Numbering Authority (CNA), the number of CVEs filed against it has risen sharply. Security teams must address each of these CVEs to meet regulatory and customer requirements, which increases their workload unless the triage is automated. In this talk, we analyze the status of CVEs for each LTS kernel branch. We then show how combining the per-CVE metadata published by the kernel CNA with the recent SPDX generation enhancements in oe-core can reduce kernel CVE false positives by 70% and produce a detailed response for every kernel-related CVE. The process takes the output of the vex or cve-check bbclass as its input. As a further benefit, it yields per-binary information about exactly which source files were compiled into any package built with the Yocto Project.
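The file-level cross-check the abstract describes, as an added example that is not code from the talk or from oe-core. It assumes three constructed inputs: a report in the shape written by cve-check.bbclass (package to issue list with a status), a per-CVE list of affected source files as one would derive from the kernel CNA's published metadata, and the set of source files recorded as compiled into the kernel image, as an SPDX document carrying compiled-source information would list them (the debug-source path prefix is an assumption about how such a document names files). The CVE identifiers (CVE-2099-*) and some paths are placeholders. The example goes one step beyond the text by also emitting OpenVEX-shaped statements, which is one form the "detailed response" per CVE can take.

```python
"""Classify kernel CVEs from a cve-check report against the source files
actually compiled into the kernel, then emit OpenVEX-style statements.

Added example; not code from the talk or from oe-core. The report shape,
the per-CVE file lists and the debug-source prefix are all assumptions.
"""
import json
from typing import Dict, Iterable, List

# Constructed cve-check style report. CVE-2099-* are placeholders, not real CVEs.
CVE_CHECK_REPORT = json.dumps({
    "version": "1",
    "package": [{
        "name": "linux-yocto",
        "version": "6.12.20",
        "issue": [
            {"id": "CVE-2099-0001", "status": "Unpatched"},
            {"id": "CVE-2099-0002", "status": "Unpatched"},
            {"id": "CVE-2099-0003", "status": "Patched"},
            {"id": "CVE-2099-0004", "status": "Unpatched"},
            {"id": "CVE-2099-0005", "status": "Unpatched"},
        ],
    }],
})

# Per-CVE affected files as derived from kernel CNA metadata (constructed).
# CVE-2099-0004 deliberately has no entry, to exercise the "unknown" path.
KERNEL_CVE_FILES = {
    "CVE-2099-0001": ["drivers/net/wireless/example/example_rx.c"],
    "CVE-2099-0002": ["net/ipv4/tcp_input.c"],
    "CVE-2099-0005": ["fs/exfat/dir.c", "fs/exfat/namei.c"],
}

# Files recorded as compiled into the kernel image (constructed). The prefix is
# an assumption about how the SPDX document names debug sources.
SOURCE_ROOT = "/usr/src/debug/linux-yocto/6.12.20/"
COMPILED_SOURCES = [
    SOURCE_ROOT + "net/ipv4/tcp_input.c",
    SOURCE_ROOT + "net/ipv4/tcp_output.c",
    SOURCE_ROOT + "fs/exfat/dir.c",
    SOURCE_ROOT + "kernel/sched/core.c",
]


def tree_relative(paths: Iterable[str], source_root: str) -> set:
    """Strip the debug-source prefix so paths compare with CNA metadata."""
    return {p[len(source_root):] if p.startswith(source_root) else p for p in paths}


def classify_cves(report_json: str, cve_files: Dict[str, List[str]],
                  compiled_sources: Iterable[str], source_root: str) -> Dict[str, dict]:
    """Return {cve: {status, justification, notes}} using OpenVEX status names."""
    compiled = tree_relative(compiled_sources, source_root)
    results: Dict[str, dict] = {}
    for pkg in json.loads(report_json)["package"]:
        for issue in pkg["issue"]:
            cve, status = issue["id"], issue["status"]
            if status == "Patched":
                results[cve] = {"status": "fixed", "justification": None,
                                "notes": "patched in recipe"}
            elif status != "Unpatched":
                # e.g. "Ignored": the reason lives in the recipe, not the report
                results[cve] = {"status": "under_investigation", "justification": None,
                                "notes": f"cve-check status {status}; review CVE_STATUS"}
            elif cve not in cve_files:
                results[cve] = {"status": "under_investigation", "justification": None,
                                "notes": "no per-file metadata for this CVE"}
            else:
                present = sorted(f for f in cve_files[cve] if f in compiled)
                if present:
                    results[cve] = {"status": "affected", "justification": None,
                                    "notes": "compiled: " + ", ".join(present)}
                else:
                    # None of the files the fix touched were built into this image.
                    results[cve] = {"status": "not_affected",
                                    "justification": "vulnerable_code_not_present",
                                    "notes": "none of the affected files were compiled"}
    return results


def false_positive_reduction(report_json: str, results: Dict[str, dict]) -> float:
    """Fraction of originally Unpatched CVEs resolved as not_affected."""
    unpatched = [i["id"] for p in json.loads(report_json)["package"] for i in p["issue"]
                 if i["status"] == "Unpatched"]
    cleared = [c for c in unpatched if results[c]["status"] == "not_affected"]
    return len(cleared) / len(unpatched) if unpatched else 0.0


def to_vex_statements(results: Dict[str, dict], product_id: str) -> List[dict]:
    """Render results as OpenVEX-shaped statements (one per CVE, sorted by ID)."""
    statements = []
    for cve, r in sorted(results.items()):
        stmt = {"vulnerability": {"name": cve}, "products": [{"@id": product_id}],
                "status": r["status"], "status_notes": r["notes"]}
        if r["justification"]:
            stmt["justification"] = r["justification"]
        statements.append(stmt)
    return statements


if __name__ == "__main__":
    res = classify_cves(CVE_CHECK_REPORT, KERNEL_CVE_FILES, COMPILED_SOURCES, SOURCE_ROOT)
    print(json.dumps(to_vex_statements(res, "pkg:generic/linux-yocto@6.12.20"), indent=2))
    print(f"false positives cleared: {false_positive_reduction(CVE_CHECK_REPORT, res):.0%}")
```

Two caveats a practitioner should keep in mind: the CNA file list is the set of files the fixing commit touched, so a CVE fixed in a header that is included by compiled code must count as present, and the match above is by exact path, so both sides must be normalized to tree-relative paths before comparing. A CVE with no per-file metadata stays under_investigation rather than being silently cleared.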
Daniel is a senior specialist in operating systems at Ericsson. He currently focuses on embedded Linux with Yocto, working on both internal and commercial distributions, and on supply chain security to safeguard critical infrastructure.