[Git][security-tracker-team/security-tracker][master] NFUs, there's no indication that the AMD issues require Linux or microcode
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 29 18:55:14 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83601b75 by Moritz Muehlenhoff at 2022-07-29T19:54:16+02:00
NFUs, there's no indication that the AMD issues require Linux or microcode
changes and even if, they'd have trickled into LTS kernels
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -98543,10 +98543,10 @@ CVE-2021-26343
CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation Lookaside ...)
NOT-FOR-US: AMD
CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional direct bran ...)
+ NOT-FOR-US: AMD
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
NOTE: https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
NOTE: https://xenbits.xen.org/xsa/advisory-398.html
- TODO: check if we need to track mitigations in src:linux
CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged attacker pr ...)
NOT-FOR-US: AMD
CVE-2021-26339 (A bug in AMD CPU’s core logic may allow for an attacker, using s ...)
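Review bot: CVE-2021-26341 is now NOT-FOR-US: AMD, yet the entry keeps the NOTE pointing at xenbits.xen.org/xsa/advisory-398.html, and a Xen advisory for the same CVE sits oddly next to an NFU tag. Either confirm that the advisory does not apply to a source package the tracker covers, or track that package instead of marking the whole CVE NFU. The rationale for dropping the src:linux TODO ("they'd have trickled into LTS kernels") exists only in the commit message. A short NOTE line in the entry would keep it visible to whoever reads data/CVE/list later.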
@@ -98592,8 +98592,8 @@ CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the
CVE-2021-26319
RESERVED
CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
+ NOT-FOR-US: AMD
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
- TODO: check details and if mitigation in microcode/kernel exists
CVE-2021-26317 (Failure to verify the protocol in SMM may allow an attacker to control ...)
NOT-FOR-US: AMD
CVE-2021-26316
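Review bot: the removed TODO on CVE-2021-26318 asked a specific question (whether a mitigation exists in microcode or the kernel), and the entry no longer records the answer. "No indication" in the commit message is weaker than a documented result. Suggest adding a NOTE under the amd-sb-1017 link stating what was checked and what the outcome was, so the NOT-FOR-US tag can be re-evaluated if a software mitigation appears later.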
@@ -116411,7 +116411,7 @@ CVE-2020-35307
CVE-2020-35306
RESERVED
CVE-2020-35305 (Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename par ...)
- TODO: check
+ NOT-FOR-US: Gollum
CVE-2020-35304
RESERVED
CVE-2020-35303
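Review bot: the CVE-2020-35305 change (TODO: check replaced by NOT-FOR-US: Gollum) is unrelated to the AMD triage that the commit message describes, so it is invisible in the log. Suggest moving it to its own commit or mentioning it in the message. Also check that the "Gollum" spelling matches the form used in existing NOT-FOR-US entries for the same product, since the CVE description writes it as "gollum".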
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83601b751bc57c7163a9c39cae1f63b9ff94a844