[Git][security-tracker-team/security-tracker][master] Add additional references for speculation issues variants

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 9 07:43:33 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20d990a2 by Salvatore Bonaccorso at 2022-03-09T08:42:40+01:00
Add additional references for speculation issues variants

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7876,6 +7876,7 @@ CVE-2022-23960
 	- linux <unfixed>
 	NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
 	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
+	NOTE: https://xenbits.xen.org/xsa/advisory-398.html
 CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0  ...)
 	{DSA-5088-1 DLA-2920-1}
 	- varnish <unfixed> (bug #1004433)
@@ -68401,6 +68402,9 @@ CVE-2021-26402
 	RESERVED
 CVE-2021-26401
 	RESERVED
+	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
+	NOTE: https://xenbits.xen.org/xsa/advisory-398.html
+	TODO: check if we need to track mitigations in src:linux
 CVE-2021-26400
 	RESERVED
 CVE-2021-26399
@@ -68521,6 +68525,10 @@ CVE-2021-26342
 	RESERVED
 CVE-2021-26341
 	RESERVED
+	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
+	NOTE: https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
+	NOTE: https://xenbits.xen.org/xsa/advisory-398.html
+	TODO: check if we need to track mitigations in src:linux
 CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged attacker pr ...)
 	NOT-FOR-US: AMD
 CVE-2021-26339



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d990a228f1391ce17209ede806d6117009befc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d990a228f1391ce17209ede806d6117009befc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220309/a8047f3a/attachment.htm>

More information about the debian-security-tracker-commits mailing list