Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
40e14238 by Salvatore Bonaccorso at 2025-03-06T12:34:36+01:00
Add additional information and association with amd64-microcode for
CVE-2024-36347
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,12 @@
-CVE-2024-36347
+CVE-2024-36347 [AMD CPU Microcode Signature Verification Vulnerability]
+ - amd64-microcode <unfixed> (bug #1095470)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2336412
+ NOTE:
https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
+ NOTE:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
+ NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/3
+ NOTE: Kernel stop-gap mitigation:
https://www.openwall.com/lists/oss-security/2025/03/06/3
+ NOTE:
https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb2281fb05e50108ce95c43ab7e701ee564565c8
CVE-2024-56202 [Expect header field can unreasonably retain resource]
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40e1423831f9724b623b57fb51eec6b5ef0e848b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40e1423831f9724b623b57fb51eec6b5ef0e848b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
