[Git][security-tracker-team/security-tracker][master] Associate issues from INTEL-SA-00766 with firmware-nonfree

Salvatore Bonaccorso (@carnil) Thu, 17 Aug 2023 22:02:51 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
95b0f7ef by Salvatore Bonaccorso at 2023-08-18T07:01:52+02:00
Associate issues from INTEL-SA-00766 with firmware-nonfree

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46433,7 +46433,11 @@ CVE-2022-46647
 CVE-2022-46646
        RESERVED
 CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless 
WiFi so ...)
-       TODO: check
+       - firmware-nonfree <unfixed>
+       [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+       NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+       NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-46301
        RESERVED
 CVE-2022-46299
@@ -63901,7 +63905,11 @@ CVE-2022-40971 (Incorrect default permissions for the 
Intel(R) HDMI Firmware Upd
 CVE-2022-40970
        RESERVED
 CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
-       TODO: check
+       - firmware-nonfree <unfixed>
+       [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+       NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+       NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM 
software be ...)
        NOT-FOR-US: Intel
 CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ 
Compiler befo ...)
@@ -73260,7 +73268,11 @@ CVE-2022-38092
 CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some 
Intel(R ...)
        NOT-FOR-US: Intel
 CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless 
WiFi and Ki ...)
-       TODO: check
+       - firmware-nonfree <unfixed>
+       [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+       NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+       NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo 
functionality  ...)
        - kolla <itp> (bug #804128)
        NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
@@ -73273,7 +73285,11 @@ CVE-2022-37329 (Uncontrolled search path in some 
Intel(R) Quartus(R) Prime Pro a
 CVE-2022-36406
        RESERVED
 CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless 
WiFi and Ki ...)
-       TODO: check
+       - firmware-nonfree <unfixed>
+       [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+       NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+       NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-33893
        RESERVED
 CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions 
prior  ...)
@@ -102998,7 +103014,11 @@ CVE-2022-1042 (In Zephyr bluetooth mesh core stack, 
an out-of-bound write vulner
 CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write 
vulnerabili ...)
        NOT-FOR-US: Zyphyr
 CVE-2022-27635 (Improper access control for some Intel(R) PROSet/Wireless WiFi 
and Kil ...)
-       TODO: check
+       - firmware-nonfree <unfixed>
+       [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+       [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+       NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+       NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-27626 (A vulnerability regarding concurrent execution using shared 
resource w ...)
        NOT-FOR-US: Synology
 CVE-2022-27625 (A vulnerability regarding improper restriction of operations 
within th ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b0f7ef8d964c6230aed3b2e10acb7b9a20e1cb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b0f7ef8d964c6230aed3b2e10acb7b9a20e1cb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Associate issues from INTEL-SA-00766 with firmware-nonfree

Reply via email to