[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 26 07:11:45 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9dac6589 by Salvatore Bonaccorso at 2023-01-26T08:11:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80320,9 +80320,9 @@ CVE-2022-23816
 CVE-2022-23815
 	RESERVED
 CVE-2022-23814 (Failure to validate addresses provided by software to BIOS commands ma ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP memory  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...)
 	NOT-FOR-US: TransmitMail
 CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
@@ -141789,7 +141789,8 @@ CVE-2021-26348 (Failure to flush the Translation Lookaside Buffer (TLB) of the I
 CVE-2021-26347 (Failure to validate the integer operand in ASP (AMD Secure Processor)  ...)
 	NOT-FOR-US: AMD
 CVE-2021-26346 (Failure to validate the integer operand in ASP (AMD Secure Processor)  ...)
-	TODO: check
+	NOT-FOR-US: AMD
+	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031
 CVE-2021-26345
 	RESERVED
 CVE-2021-26344
@@ -141853,7 +141854,7 @@ CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86
 CVE-2021-26317 (Failure to verify the protocol in SMM may allow an attacker to control ...)
 	NOT-FOR-US: AMD
 CVE-2021-26316 (Failure to validate the communication buffer and communication service ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
 	NOT-FOR-US: AMD
 CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dac658974e0557f8663eb26d8829d46bb2c6da3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dac658974e0557f8663eb26d8829d46bb2c6da3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230126/061cea51/attachment.htm>


More information about the debian-security-tracker-commits mailing list