Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38f04b6d by Salvatore Bonaccorso at 2025-11-16T14:57:47+01:00
Consider issues from INTEL-SA-01356 as NFU (Intel)
In theory those are in likely in the Linux driver, as the sadvisory
contains a clear reference to the linux-intel-lts branches which contain
Linux LTS series, more precisely "Intel LTS kernel, the kernel tree is a
reference tree that contains enabling for Intel CPU's that may be
up-streamed in a newer kernel version."
It is thus very likely the issues would affect as well any upstreamed
verison of the driver itself, but then it should be covered by the Linux
kernel CNA.
Gut feeling is, that is safe to mark those now as NFU and rather
continue following upstream stable series for Linux and get (or even
have gotten already) the fixes at some point.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1692,7 +1692,7 @@ CVE-2025-32449 (Unquoted search path for some PRI Driver
software before version
CVE-2025-32446 (Untrusted pointer dereference for some Intel QuickAssist
Technology so ...)
NOT-FOR-US: Intel
CVE-2025-32091 (Incorrect default permissions in some firmware for the
Intel(R) Arc(TM ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-32088 (Improper conditions check for some Intel(R) QAT Windows
software befor ...)
NOT-FOR-US: Intel
CVE-2025-32038 (Uncontrolled search path for some FPGA Support Package for the
Intel o ...)
@@ -1710,7 +1710,7 @@ CVE-2025-31937 (Out-of-bounds read for some Intel(R) QAT
Windows software before
CVE-2025-31931 (Uncontrolled search path for the Instrumentation and Tracing
Technolog ...)
NOT-FOR-US: Intel
CVE-2025-31647 (Uncontrolled search path for some Intel(R) Graphics Software
before ve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-31645 (Uncontrolled search path for some System Event Log Viewer
Utility soft ...)
NOT-FOR-US: Intel
CVE-2025-31146 (Time-of-check time-of-use race condition for some Intel
Ethernet Adapt ...)
@@ -1750,7 +1750,7 @@ CVE-2025-26405 (Improper control of dynamically-managed
code resources for some
CVE-2025-26402 (Protection mechanism failure for some Intel(R) NPU Drivers
within Ring ...)
TODO: check
CVE-2025-25216 (Improper input validation in some firmware for some Intel(R)
Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-25059 (Uncontrolled search path for some Intel(R) One Boot Flash
Update (Inte ...)
NOT-FOR-US: Intel
CVE-2025-24918 (Improper link resolution before file access ('link following')
for som ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f04b6d6392d7a98bd9fe975eb6680ade933b47
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f04b6d6392d7a98bd9fe975eb6680ade933b47
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
