[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 17 13:38:05 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22934749 by Moritz Muehlenhoff at 2021-11-17T14:37:42+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46183,13 +46183,13 @@ CVE-2021-26340
CVE-2021-26339
RESERVED
CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26334
RESERVED
CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
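Review bot: the four new tags in this hunk (CVE-2021-26338 through CVE-2021-26335) name only the vendor, although the descriptions already identify the component as the System Management Unit or the Platform Security Processor. Consider naming the component in the tag, e.g. `NOT-FOR-US: AMD SMU firmware`, in the way the CVE-2021-25941 entry further down uses `NOT-FOR-US: Node deep-override`, so the reason for the triage decision is visible from the entry itself.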
@@ -46197,29 +46197,29 @@ CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform S
CVE-2021-26332
RESERVED
CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26328
RESERVED
CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26324
RESERVED
CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26319
RESERVED
CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
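Review bot: the entries from CVE-2021-26327 down to CVE-2021-26320 concern SEV and SNP firmware rather than the SMU, yet they are closed with the same bare `NOT-FOR-US: AMD` and no reference. The CVE-2021-26314 and CVE-2021-26313 entries nearby carry NOTE lines pointing at the AMD bulletin and the Xen advisory; a NOTE with the vendor bulletin here would record what the decision was based on, and it is worth confirming that no package in the archive carries this firmware before the TODO is dropped.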
@@ -46230,7 +46230,7 @@ CVE-2021-26317
CVE-2021-26316
RESERVED
CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
@@ -46243,7 +46243,7 @@ CVE-2021-26313 (Potential speculative code store bypass in all supported CPU pro
NOTE: https://xenbits.xen.org/xsa/advisory-375.html
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
NOT-FOR-US: AMD
CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
@@ -47269,7 +47269,7 @@ CVE-2021-25942
CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...)
NOT-FOR-US: Node deep-override
CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
- TODO: check
+ - arangodb <itp> (bug #761817)
CVE-2021-25939
RESERVED
CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
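Review bot: the CVE-2021-25940 change records an ITP (`- arangodb <itp> (bug #761817)`), which the commit subject "NFUs" does not cover. Mention it in the message or commit it separately so the ArangoDB triage can be found from the log. The CVE-2021-25938 entry in the trailing context is also ArangoDB and should end up with the same `<itp>` line if it does not have one already.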
@@ -88352,7 +88352,7 @@ CVE-2020-21641
CVE-2020-21640
RESERVED
CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2020-21638
RESERVED
CVE-2020-21637
@@ -88376,7 +88376,7 @@ CVE-2020-21629
CVE-2020-21628
RESERVED
CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2020-21626
RESERVED
CVE-2020-21625
@@ -108736,13 +108736,13 @@ CVE-2020-12956
CVE-2020-12955
RESERVED
CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12953
RESERVED
CVE-2020-12952
RESERVED
CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12950
RESERVED
CVE-2020-12949
@@ -108752,11 +108752,11 @@ CVE-2020-12948
CVE-2020-12947
RESERVED
CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12945
RESERVED
CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12943
RESERVED
CVE-2020-12942
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/229347499aeebccde32610dbb52a5b0b31504555