Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
36ee72f2 by Moritz Muehlenhoff at 2023-11-15T14:44:11+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -517,7 +517,7 @@ CVE-2023-32278 (Path transversal in some Intel(R) NUC
Uniwill Service Driver for
CVE-2023-32204 (Improper access control in some Intel(R) OFU software before
version 1 ...)
NOT-FOR-US: Intel
CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display
driver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before
version ...)
NOT-FOR-US: Intel
CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server
Host heade ...)
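Review bot: The new tag on CVE-2023-31320 names the wrong vendor. The description reads "Improper input validation in the AMD RadeonTM Graphics display driver", yet the added line is `NOT-FOR-US: Intel`, apparently carried over from the neighbouring Intel entries. It should be `NOT-FOR-US: AMD`, matching the other AMD entries triaged in this commit.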
@@ -27224,7 +27224,7 @@ CVE-2023-31102 (7-Zip through 22.01 on Linux allows an
integer underflow and cod
CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in
Apache So ...)
NOT-FOR-US: Apache InLong
CVE-2023-31100 (Improper Access Control in SMI handler vulnerability in
Phoenix Secure ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an
authenticated use ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software
Foundation ...)
@@ -70281,7 +70281,7 @@ CVE-2023-20598 (An improper privilege management in the
AMD Radeon\u2122Graphics
CVE-2023-20597 (Improper initialization of variables in the DXE driver may
allow a pri ...)
NOT-FOR-US: AMD
CVE-2023-20596 (Improper input validation in the SMM Supervisor may allow an
attacker ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20595
RESERVED
CVE-2023-20594 (Improper initialization of variables in the DXE driver may
allow a pri ...)
@@ -70358,7 +70358,7 @@ CVE-2023-20573
CVE-2023-20572
RESERVED
CVE-2023-20571 (A race condition in System Management Mode (SMM) code may
allow an att ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20570
RESERVED
CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow
an atta ...)
@@ -70384,17 +70384,17 @@ CVE-2023-20569 (A side channel vulnerability on some
of the AMD CPUs may allow a
NOTE:
https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/4
CVE-2023-20568 (Improper signature verification of RadeonTM RX Vega M Graphics
driver ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20567 (Improper signature verification of RadeonTM RX Vega M Graphics
driver ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20566 (Improper address validation in ASP with SNP enabled may
potentially al ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20565 (Insufficient protections in System Management Mode (SMM) code
may allo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20564 (Insufficient validation in the IOCTL (Input Output Control)
input buff ...)
NOT-FOR-US: AMD
CVE-2023-20563 (Insufficient protections in System Management Mode (SMM) code
may allo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control)
input buff ...)
NOT-FOR-US: AMD
CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control)
input buff ...)
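Review bot: Five entries in this hunk (CVE-2023-20568, -20567, -20566, -20565, -20563) move from `TODO: check` to a bare `NOT-FOR-US: AMD` with nothing recording what was checked. They cover different components (a Radeon RX Vega M graphics driver, ASP with SNP enabled, SMM code), and the truncated descriptions do not show how each fix is delivered. A `NOTE:` with the vendor reference, as CVE-2023-20569 just above carries, would let a later reader confirm that none of them touches anything packaged.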
@@ -70454,7 +70454,7 @@ CVE-2023-20535
CVE-2023-20534
RESERVED
CVE-2023-20533 (Insufficient DRAM address validation in System Management Unit
(SMU) m ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker
to impr ...)
NOT-FOR-US: AMD
CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to
update t ...)
@@ -70468,7 +70468,7 @@ CVE-2023-20528 (Insufficient input validation in the
SMU may allow a physical at
CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may
allow a pr ...)
NOT-FOR-US: AMD
CVE-2023-20526 (Insufficient input validation in the ASP Bootloader may enable
a privi ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader
may allow ...)
NOT-FOR-US: AMD
CVE-2023-20524 (An attacker with a compromised ASP could possibly send
malformed comma ...)
@@ -70478,11 +70478,11 @@ CVE-2023-20523 (TOCTOU in the ASP may allow a
physical attacker to write beyond
CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker
with a mali ...)
NOT-FOR-US: AMD
CVE-2023-20521 (TOCTOU in the ASP Bootloader may allow an attacker with
physical acces ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow
an attack ...)
NOT-FOR-US: AMD
CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP
guest conte ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20518
RESERVED
CVE-2023-20517
@@ -115543,7 +115543,7 @@ CVE-2021-46776
CVE-2021-46775 (Improper input validation in ABL may enable an attacker with
physical ...)
NOT-FOR-US: AMD
CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit
(SMU) m ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged
attacker ...)
NOT-FOR-US: AMD
CVE-2021-46772
@@ -115559,7 +115559,7 @@ CVE-2021-46768 (Insufficient input validation in SEV
firmware may allow an attac
CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker
with ph ...)
NOT-FOR-US: AMD
CVE-2021-46766 (Improper clearing of sensitive data in the ASP Bootloader may
expose s ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker
with a comp ...)
NOT-FOR-US: AMD
CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an
attacker to ...)
@@ -115575,7 +115575,7 @@ CVE-2021-46760 (A malicious or compromised UApp or
ABL can send a malformed syst
CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted
Execution Enviro ...)
NOT-FOR-US: AMD
CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD
Secure ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46757
RESERVED
CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the
ASP (AM ...)
@@ -115595,7 +115595,7 @@ CVE-2021-46750
CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may
allow f ...)
NOT-FOR-US: AMD
CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor)
may all ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46747
RESERVED
CVE-2021-46746
@@ -129695,7 +129695,7 @@ CVE-2022-23832
CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD
\u03bcProf ma ...)
NOT-FOR-US: AMD
CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP
is enabl ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23829
RESERVED
CVE-2022-23828
@@ -129729,9 +129729,9 @@ CVE-2022-23823 (A potential vulnerability in some AMD
processors using frequency
CVE-2022-23822 (In this physical attack, an attacker may potentially exploit
the Zynq- ...)
NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL)
CVE-2022-23821 (Improper access control in System Management Mode (SMM) may
allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23820 (Failure to validate the AMD SMM communication buffer may allow
an atta ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23819
RESERVED
CVE-2022-23818 (Insufficient input validation on the model specific register:
VM_HSAVE ...)
@@ -191732,7 +191732,7 @@ CVE-2021-26346 (Failure to validate the integer
operand in ASP (AMD Secure Proce
NOT-FOR-US: AMD
NOTE:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031
CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged
attacker ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26344
RESERVED
CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may
allow malici ...)
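Review bot: CVE-2021-26345 is tagged `NOT-FOR-US: AMD` without a reference, while the CVE-2021-26346 entry directly above it pairs the same tag with a `NOTE:` pointing at the AMD bulletin. If the APCB issue is covered by an AMD bulletin as well, add the corresponding `NOTE:` line so the two adjacent entries are documented consistently.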
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36ee72f2f5f4b3494439ccc7bdd193e4991b6c33
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits