diff --git a/classes/kernel-cve-check.bbclass b/classes/kernel-cve-check.bbclass
index 0718b974..2537eb10 100644
--- a/classes/kernel-cve-check.bbclass
+++ b/classes/kernel-cve-check.bbclass
@@ -16,6 +16,7 @@ inherit cve-check
 KERNEL_CVE_CHECK_DIR ?= "${CVE_CHECK_DB_DIR}/KERNEL"
+CVE_CHECK_ERROR_ON_FAILURE ??= "0"
 # Consider ignore information.
 # If value is "0", add CVEs that are registered as negligible to whitelist.
@@ -70,13 +71,16 @@ python update_cip_kernel_sec () {
 if not os.path.isdir(kernel_cve_check_dir):
 os.mkdir(kernel_cve_check_dir)
- if not os.path.isdir(cip_kernel_sec_path):
- # first run
- runfetchcmd("git clone %s cip-kernel-sec" % git_uri, d, workdir=kernel_cve_check_dir)
- remove_remote(os.path.join(cip_kernel_sec_path, "conf"))
- runfetchcmd("git update-index --skip-worktree conf/remotes.yml", d, workdir=cip_kernel_sec_path)
- else:
- runfetchcmd("git pull", d, workdir=cip_kernel_sec_path)
+ try:
+ if not os.path.isdir(cip_kernel_sec_path):
+ # first run
+ runfetchcmd("git clone %s cip-kernel-sec" % git_uri, d, workdir=kernel_cve_check_dir)
+ remove_remote(os.path.join(cip_kernel_sec_path, "conf"))
+ runfetchcmd("git update-index --skip-worktree conf/remotes.yml", d, workdir=cip_kernel_sec_path)
+ else:
+ runfetchcmd("git pull", d, workdir=cip_kernel_sec_path)
+ except Exception as e:
+ bb.debug(2, "update_cip_kernel_sec: %s, %s" % (git_uri, e))
 }
 do_populate_cve_db[postfuncs] += "update_cip_kernel_sec"
@@ -104,6 +108,7 @@ python kernel_cve_check () {
 import yaml
 import os
 import tempfile
+ from datetime import datetime, date
 kernel_path = d.getVar("S")
 linux_cip_ver = d.getVar("LINUX_CIP_VERSION")
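Review bot: The `except Exception as e` closing the new try block in update_cip_kernel_sec reports a failed clone or pull only through `bb.debug(2, ...)`, which is not shown on the default console, so a sync failure of the CVE database leaves no visible trace in the build log; `bb.warn("update_cip_kernel_sec: %s, %s" % (git_uri, e))` is the level a skipped security data update deserves. The handler is also broader than needed: runfetchcmd raises bb.fetch2.FetchError, so catching that instead keeps genuine programming errors in remove_remote or the path handling visible rather than demoting them to a debug line. If the first-run `git clone` is interrupted and leaves cip_kernel_sec_path behind, the next run takes the `git pull` branch against an incomplete checkout, so removing the directory in the handler on the first-run path would make the retry self-healing. update_cip_kernel_sec starts before this hunk, where git_uri and cip_kernel_sec_path are presumably set.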
@@ -118,6 +123,21 @@ python kernel_cve_check () {
 bb.error("LINUX_CIP_VERSION is not set. Please set version")
 return
+ cip_kernel_sec_fetch_head = os.path.join(cip_kernel_sec_path, ".git/FETCH_HEAD")
+ cve_check_error = True
+ if os.path.isfile(cip_kernel_sec_fetch_head):
+ timestamp = datetime.fromtimestamp(os.path.getmtime(cip_kernel_sec_fetch_head))
+ if timestamp.date() == date.today():
+ cve_check_error = False
+
+ if cve_check_error:
+ if d.getVar("CVE_CHECK_ERROR_ON_FAILURE") == "0":
+ d.setVar("CVE_CHECK_DB_FILE", "")
+ bb.note("kernel_cve_check: cip-kernel-sec repository sync failure, skipping CVE check")
+ else:
+ bb.fatal("kernel_cve_check: cip-kernel-sec repository sync failure")
+ return
+
 opt_ignore = "--include-ignored" if include_ignore == "1" else ""
 with tempfile.NamedTemporaryFile(delete=False) as f:
 output_filename = f.name
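Review bot: The freshness test `timestamp.date() == date.today()` compares calendar days rather than age, so a sync completed late in the evening counts as a failure once the clock passes midnight while a sync from early this morning always passes; comparing the mtime of FETCH_HEAD against a maximum age (e.g. `time.time() - os.path.getmtime(cip_kernel_sec_fetch_head) > 24 * 3600`, with `time` imported) matches the intent better and is not tied to the local date. If I recall correctly, `git clone` does not write `.git/FETCH_HEAD` (only fetch and pull do), so the very first run after a fresh clone would be reported as a sync failure here; please verify, and consider having update_cip_kernel_sec touch a marker file on success instead of relying on git internals. With the `CVE_CHECK_ERROR_ON_FAILURE ??= "0"` default added in the first hunk this path is fail-open: a stale or missing database clears CVE_CHECK_DB_FILE and the build continues with only a `bb.note`, which is easy to overlook, so `bb.warn("kernel_cve_check: cip-kernel-sec repository sync failure, skipping CVE check")` would at least make the skipped kernel CVE check visible in the log. kernel_cve_check continues past the end of this hunk.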