[Git][security-tracker-team/security-tracker][master] Add some new AMD CVEs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bf14360 by Salvatore Bonaccorso at 2026-02-10T22:33:03+01:00
Add some new AMD CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -317,21 +317,26 @@ CVE-2025-62439 (An Improper Verification of Source of a 
Communication Channel vu
 CVE-2025-55018 (An inconsistent interpretation of http requests ('http request 
smuggli ...)
        NOT-FOR-US: Fortinet
 CVE-2025-54514 (Improper isolation of shared resources on a system on a chip 
by a mali ...)
-       TODO: check
+       - amd64-microcode <unfixed>
+       NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-52536 (Improper Prevention of Lock Bit Modification in SEV firmware 
could all ...)
-       TODO: check
+       - amd64-microcode <unfixed>
+       NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-52534 (Improper bound check within AMD CPU microcode can allow a 
malicious gu ...)
-       TODO: check
+       - amd64-microcode <unfixed>
+       NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-52436 (An Improper Neutralization of Input During Web Page Generation 
('Cross ...)
        NOT-FOR-US: Fortinet
 CVE-2025-48517 (Insufficient Granularity of Access Control in SEV firmware 
could allow ...)
-       TODO: check
+       - amd64-microcode <unfixed>
+       NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-48515 (Insufficient parameter sanitization in AMD Secure Processor 
(ASP) Boot ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-48514 (Insufficient Granularity of Access Control in SEV firmware can 
allow a ...)
-       TODO: check
+       - amd64-microcode <unfixed>
+       NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-48509 (Missing Checks in certain functions related to RMP 
initialization can  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2025-40587 (A vulnerability has been identified in Polarion V2404 (All 
versions <  ...)
        NOT-FOR-US: Siemens
 CVE-2025-36522 (Incorrect default permissions for some Intel(R) Chipset 
Software befor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf14360a579c6e59d894f0be51c910134923473

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf14360a579c6e59d894f0be51c910134923473
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits