Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83601b75 by Moritz Muehlenhoff at 2022-07-29T19:54:16+02:00
NFUs, there's no indication that the AMD issues require Linux or microcode
 changes and even if, they'd have trickled into LTS kernels

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -98543,10 +98543,10 @@ CVE-2021-26343
 CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation 
Lookaside  ...)
        NOT-FOR-US: AMD
 CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional 
direct bran ...)
+       NOT-FOR-US: AMD
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
        NOTE: 
https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
        NOTE: https://xenbits.xen.org/xsa/advisory-398.html
-       TODO: check if we need to track mitigations in src:linux
 CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged 
attacker pr ...)
        NOT-FOR-US: AMD
 CVE-2021-26339 (A bug in AMD CPU’s core logic may allow for an attacker, 
using s ...)
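Review bot: CVE-2021-26341 is now marked NOT-FOR-US: AMD, but the entry keeps the NOTE pointing at https://xenbits.xen.org/xsa/advisory-398.html, a Xen advisory, so the entry reads as contradictory for anyone checking whether src:xen is covered. The removed TODO only asked about src:linux. Before closing this as NFU, confirm whether Xen needs its own package line, and if it does not, say so in a NOTE next to the XSA link.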
@@ -98592,8 +98592,8 @@ CVE-2021-26320 (Insufficient validation of the AMD SEV 
Signing Key (ASK) in the
 CVE-2021-26319
        RESERVED
 CVE-2021-26318 (A timing and power-based side channel attack leveraging the 
x86 PREFET ...)
+       NOT-FOR-US: AMD
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
-       TODO: check details and if mitigation in microcode/kernel exists
 CVE-2021-26317 (Failure to verify the protocol in SMM may allow an attacker to 
control ...)
        NOT-FOR-US: AMD
 CVE-2021-26316
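Review bot: for CVE-2021-26318 the TODO asking whether a microcode/kernel mitigation exists is dropped without the answer being recorded in the entry itself. The reasoning ("no indication that the AMD issues require Linux or microcode changes") exists only in the commit message, which readers of data/CVE/list will not see. Suggest adding a short NOTE under the amd-sb-1017 link stating that no kernel or microcode change was identified, so the triage decision is visible in the tracker data.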
@@ -116411,7 +116411,7 @@ CVE-2020-35307
 CVE-2020-35306
        RESERVED
 CVE-2020-35305 (Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the 
filename par ...)
-       TODO: check
+       NOT-FOR-US: Gollum
 CVE-2020-35304
        RESERVED
 CVE-2020-35303
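Review bot: the CVE-2020-35305 change (TODO: check replaced by NOT-FOR-US: Gollum) is unrelated to the AMD entries, and the commit message gives a rationale only for the AMD issues. Either split this into its own commit or mention in the message that gollum was also triaged as NFU, so the history shows why this entry changed.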



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83601b751bc57c7163a9c39cae1f63b9ff94a844
