Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22934749 by Moritz Muehlenhoff at 2021-11-17T14:37:42+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46183,13 +46183,13 @@ CVE-2021-26340
 CVE-2021-26339
        RESERVED
 CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may 
allow for ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit 
(SMU) m ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) 
may cause ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26335 (Improper input and range checking in the Platform Security 
Processor ( ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26334
        RESERVED
 CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform 
Securit ...)
@@ -46197,29 +46197,29 @@ CVE-2021-26333 (An information disclosure 
vulnerability exists in AMD Platform S
 CVE-2021-26332
        RESERVED
 CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue 
where a ma ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer 
overflow wh ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26328
        RESERVED
 CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware 
could lea ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in 
a loss o ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command 
may lea ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26324
        RESERVED
 CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may 
result in a p ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26322 (Persistent platform private key may not be protected with a 
random IV  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may 
allow a loc ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in 
the SEND_S ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26319
        RESERVED
 CVE-2021-26318 (A timing and power-based side channel attack leveraging the 
x86 PREFET ...)
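Review bot: CVE-2021-26321 and CVE-2021-26320 describe flaws in the SEV firmware and CVE-2021-26327 names the SNP firmware, so before closing them as NOT-FOR-US it is worth confirming that no package in the archive ships those firmware images. If one does, the entry should be a package line in the form used for arangodb later in this commit rather than NOT-FOR-US: AMD.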
@@ -46230,7 +46230,7 @@ CVE-2021-26317
 CVE-2021-26316
        RESERVED
 CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, 
authent ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26314 (Potential floating point value injection in all supported CPU 
products ...)
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
        NOTE: Claimed to not affect Xen, Cf. 
https://xenbits.xen.org/xsa/advisory-375.html in
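Review bot: CVE-2021-26315 gets a bare NOT-FOR-US: AMD with no reference, while the next entry, CVE-2021-26314, records its AMD bulletin and the Xen advisory in NOTE lines. A NOTE with the corresponding AMD bulletin URL on the PSP boot ROM entry would let a later reader verify the triage without re-reading the full CVE description.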
@@ -46243,7 +46243,7 @@ CVE-2021-26313 (Potential speculative code store bypass 
in all supported CPU pro
        NOTE: https://xenbits.xen.org/xsa/advisory-375.html
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
 CVE-2021-26312 (PSP protection against improperly configured side channels may 
lead to ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the 
guest a ...)
        NOT-FOR-US: AMD
 CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML 
escapin ...)
@@ -47269,7 +47269,7 @@ CVE-2021-25942
 CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 
1.0.0 th ...)
        NOT-FOR-US: Node deep-override
 CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to 
Insuffic ...)
-       TODO: check
+       - arangodb <itp> (bug #761817)
 CVE-2021-25939
        RESERVED
 CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable 
to Cross ...)
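Review bot: CVE-2021-25940 is now tied to the arangodb ITP, but the annotation of CVE-2021-25938 just below, also an ArangoDB issue, falls outside the hunk and is unchanged by this commit. If it still reads TODO: check, it should get the same "- arangodb <itp> (bug #761817)" line so both entries are picked up together when the package enters the archive.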
@@ -88352,7 +88352,7 @@ CVE-2020-21641
 CVE-2020-21640
        RESERVED
 CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to 
contain a cros ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2020-21638
        RESERVED
 CVE-2020-21637
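Review bot: the tag on CVE-2020-21639 names only the vendor, although the description identifies the product as RG-UAC 6000-E50. Other NOT-FOR-US entries visible in this diff name the product (NOT-FOR-US: Node deep-override), so NOT-FOR-US: Ruijie RG-UAC would be easier to match when searching the list; the same applies to CVE-2020-21627 in the next hunk.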
@@ -88376,7 +88376,7 @@ CVE-2020-21629
 CVE-2020-21628
        RESERVED
 CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2020-21626
        RESERVED
 CVE-2020-21625
@@ -108736,13 +108736,13 @@ CVE-2020-12956
 CVE-2020-12955
        RESERVED
 CVE-2020-12954 (A side effect of an integrated chipset option may be able to 
be used b ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2020-12953
        RESERVED
 CVE-2020-12952
        RESERVED
 CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code 
to perfo ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2020-12950
        RESERVED
 CVE-2020-12949
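Review bot: the visible part of the CVE-2020-12954 description ("A side effect of an integrated chipset option ...") names no vendor, so the AMD attribution cannot be checked from this entry alone. A NOTE line with the vendor bulletin, as the CVE-2021-26314 entry carries earlier in the file, would document why it is filed under AMD.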
@@ -108752,11 +108752,11 @@ CVE-2020-12948
 CVE-2020-12947
        RESERVED
 CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM 
command ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2020-12945
        RESERVED
 CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware 
could lea ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2020-12943
        RESERVED
 CVE-2020-12942



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/229347499aeebccde32610dbb52a5b0b31504555
