[Git][security-tracker-team/security-tracker][master] Add references for edk2 CVEs

Paul Wise pabs at debian.org
Sun Oct 14 01:22:46 BST 2018 

Paul Wise pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eda8dd0c by Paul Wise at 2018-10-14T00:22:08Z
Add references for edk2 CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15238,6 +15238,7 @@ CVE-2018-12170
 	RESERVED
 CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Processor, ...)
 	NOT-FOR-US: Intel
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
 CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...)
 	NOT-FOR-US: Intel
 CVE-2018-12167
@@ -39194,8 +39195,13 @@ CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and
 	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3614
 	RESERVED
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=751
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html
 CVE-2018-3613
 	RESERVED
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=415
+	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=44
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html
 CVE-2018-3612 (Intel NUC kits with insufficient input validation in system firmware, ...)
 	NOT-FOR-US: Intel
 CVE-2018-3611 (Bounds check vulnerability in User Mode Driver in Intel Graphics ...)
@@ -84827,14 +84833,29 @@ CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Plat
 	NOT-FOR-US: Intel
 CVE-2017-5735
 	RESERVED
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
+	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5734
 	RESERVED
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
+	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5733
 	RESERVED
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
+	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5732
 	RESERVED
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
+	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5731
 	RESERVED
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
+	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
 CVE-2017-5730
 	RESERVED
 CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and ...)
@@ -84934,6 +84955,7 @@ CVE-2017-5700 (Insufficient protection of password storage in system firmware fo
 	NOT-FOR-US: Intel
 CVE-2017-5699 (Input validation error in Intel MinnowBoard 3 Firmware versions prior ...)
 	NOT-FOR-US: Intel MinnowBoard 3 Firmware
+	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html
 CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and ...)
 	NOT-FOR-US: Intel
 CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eda8dd0c424f4a824ce267a3b08052d2e5691384

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eda8dd0c424f4a824ce267a3b08052d2e5691384
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181014/40230043/attachment.html>

More information about the debian-security-tracker-commits mailing list