Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
89994d65 by Salvatore Bonaccorso at 2025-07-10T08:46:52+02:00
Add CVE-2024-3634{8,9 (associate it with amd64-microcode, hw vulnerability)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -981,9 +981,23 @@ CVE-2024-49784 (IBM OpenPages with Watson 8.3 and 9.0
could provide weaker tha
CVE-2024-49783 (IBM OpenPages with Watson 8.3 and 9.0 could provide weaker
than ex ...)
NOT-FOR-US: IBM
CVE-2024-36349 (A transient execution vulnerability in some AMD processors may
allow a ...)
- TODO: check
+ - amd64-microcode <unfixed> (unimportant)
+ NOTE: https://xenbits.xen.org/xsa/advisory-471.html
+ NOTE:
https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
+ NOTE:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
+ NOTE: https://aka.ms/enter-exit-leak
+ NOTE:
https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
+ NOTE: Not planned to be fixed, as leakage of TSC_AUX does not result in
leakage of sensitive
+ NOTE: information.
CVE-2024-36348 (A transient execution vulnerability in some AMD processors may
allow a ...)
- TODO: check
+ - amd64-microcode <unfixed> (unimportant)
+ NOTE: https://xenbits.xen.org/xsa/advisory-471.html
+ NOTE:
https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
+ NOTE:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
+ NOTE: https://aka.ms/enter-exit-leak
+ NOTE:
https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
+ NOTE: Not planned to be fixed, as leakage of CPU Configuration does not
result in leakage
+ NOTE: of sensitive information.
CVE-2024-31854 (A vulnerability has been identified in SICAM TOOLBOX II (All
versions ...)
NOT-FOR-US: Siemens
CVE-2024-31853 (A vulnerability has been identified in SICAM TOOLBOX II (All
versions ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89994d6528df940ab730a6eace3988baf4539031
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89994d6528df940ab730a6eace3988baf4539031
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
