[Git][security-tracker-team/security-tracker][master] Associate issues from INTEL-SA-00766 with firmware-nonfree

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 18 06:02:41 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95b0f7ef by Salvatore Bonaccorso at 2023-08-18T07:01:52+02:00
Associate issues from INTEL-SA-00766 with firmware-nonfree

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46433,7 +46433,11 @@ CVE-2022-46647
 CVE-2022-46646
 	RESERVED
 CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi so ...)
-	TODO: check
+	- firmware-nonfree <unfixed>
+	[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+	NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-46301
 	RESERVED
 CVE-2022-46299
@@ -63901,7 +63905,11 @@ CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware Upd
 CVE-2022-40970
 	RESERVED
 CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
-	TODO: check
+	- firmware-nonfree <unfixed>
+	[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+	NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM software be ...)
 	NOT-FOR-US: Intel
 CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...)
@@ -73260,7 +73268,11 @@ CVE-2022-38092
 CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some Intel(R ...)
 	NOT-FOR-US: Intel
 CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
-	TODO: check
+	- firmware-nonfree <unfixed>
+	[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+	NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality  ...)
 	- kolla <itp> (bug #804128)
 	NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
@@ -73273,7 +73285,11 @@ CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro a
 CVE-2022-36406
 	RESERVED
 CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
-	TODO: check
+	- firmware-nonfree <unfixed>
+	[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+	NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-33893
 	RESERVED
 CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions prior  ...)
@@ -102998,7 +103014,11 @@ CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulner
 CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...)
 	NOT-FOR-US: Zyphyr
 CVE-2022-27635 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
-	TODO: check
+	- firmware-nonfree <unfixed>
+	[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+	NOTE: Fixed upstream in linux-firmware/20230804
 CVE-2022-27626 (A vulnerability regarding concurrent execution using shared resource w ...)
 	NOT-FOR-US: Synology
 CVE-2022-27625 (A vulnerability regarding improper restriction of operations within th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b0f7ef8d964c6230aed3b2e10acb7b9a20e1cb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b0f7ef8d964c6230aed3b2e10acb7b9a20e1cb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230818/e6687063/attachment.htm>

More information about the debian-security-tracker-commits mailing list