[Git][security-tracker-team/security-tracker][master] Add xen from XSA-407

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 12 20:36:14 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb9b9b7a by Salvatore Bonaccorso at 2022-07-12T21:35:24+02:00
Add xen from XSA-407

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15376,9 +15376,11 @@ CVE-2022-29901 [Information leak through mispredicted returns on Intel processor
 CVE-2022-29900 [Information leak through mispredicted returns on AMD processors]
 	RESERVED
 	- linux <unfixed>
+	- xen <unfixed>
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
+	NOTE: https://xenbits.xen.org/xsa/advisory-407.html
 CVE-2022-29899
 	RESERVED
 CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
@@ -33998,9 +34000,11 @@ CVE-2022-23826
 CVE-2022-23825 [AMD CPUs exhibit phantom jumps]
 	RESERVED
 	- linux <unfixed>
+	- xen <unfixed>
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_addendum_sec22.pdf
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
+	NOTE: https://xenbits.xen.org/xsa/advisory-407.html
 CVE-2022-23824
 	RESERVED
 CVE-2022-23823 (A potential vulnerability in some AMD processors using frequency scali ...)
@@ -34022,11 +34026,13 @@ CVE-2022-23817
 CVE-2022-23816
 	RESERVED
 	- linux <unfixed>
+	- xen <unfixed>
 	NOTE: This is the AMD assigned CVE for Retbleed (CVE-2022-29900), as AMD did not
 	NOTE: agree on the coverage for CVE-2022-29900: As stated in the Xen advisory 407:
 	NOTE: On AMD CPUs, Retbleed is one specific instance of a more general
 	NOTE: microarchitectural behaviour called Branch Type Confusion.  AMD have
 	NOTE: assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type Confusion).
+	NOTE: https://xenbits.xen.org/xsa/advisory-407.html
 CVE-2022-23815
 	RESERVED
 CVE-2022-23814



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb9b9b7ae9da115a111da367f568635b805aa542

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb9b9b7ae9da115a111da367f568635b805aa542
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220712/376b044b/attachment.htm>

More information about the debian-security-tracker-commits mailing list