[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 15 13:44:34 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36ee72f2 by Moritz Muehlenhoff at 2023-11-15T14:44:11+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -517,7 +517,7 @@ CVE-2023-32278 (Path transversal in some Intel(R) NUC Uniwill Service Driver for
 CVE-2023-32204 (Improper access control in some Intel(R) OFU software before version 1 ...)
 	NOT-FOR-US: Intel
 CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display driver  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before version ...)
 	NOT-FOR-US: Intel
 CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server Host heade ...)
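Review bot: The tag added for CVE-2023-31320 names the wrong vendor. Its description reads "Improper input validation in the AMD RadeonTM Graphics display driver", but the new line is "NOT-FOR-US: Intel", which looks carried over from the neighbouring Intel entries (CVE-2023-32204, CVE-2023-31273). Suggest "NOT-FOR-US: AMD", as used for the other AMD entries in this commit, so that a vendor-based search of data/CVE/list does not miss this entry.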
@@ -27224,7 +27224,7 @@ CVE-2023-31102 (7-Zip through 22.01 on Linux allows an integer underflow and cod
 CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31100 (Improper Access Control in SMI handler vulnerability in Phoenix Secure ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foundation ...)
@@ -70281,7 +70281,7 @@ CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics
 CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)
 	NOT-FOR-US: AMD
 CVE-2023-20596 (Improper input validation in the SMM Supervisor may allow an attacker  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20595
 	RESERVED
 CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...)
@@ -70358,7 +70358,7 @@ CVE-2023-20573
 CVE-2023-20572
 	RESERVED
 CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20570
 	RESERVED
 CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...)
@@ -70384,17 +70384,17 @@ CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow a
 	NOTE: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/4
 CVE-2023-20568 (Improper signature verification of RadeonTM RX Vega M Graphics driver  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20567 (Improper signature verification of RadeonTM RX Vega M Graphics driver  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20566 (Improper address validation in ASP with SNP enabled may potentially al ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20565 (Insufficient protections in System Management Mode (SMM) code may allo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20564 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
 	NOT-FOR-US: AMD
 CVE-2023-20563 (Insufficient protections in System Management Mode (SMM) code may allo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
 	NOT-FOR-US: AMD
 CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
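Review bot: CVE-2023-20568 and CVE-2023-20567 are marked NOT-FOR-US although their descriptions, cut off at "RadeonTM RX Vega M Graphics driver ...", do not show which driver or platform is affected. Since an AMD graphics driver and its firmware also exist on the Linux side, it is worth confirming that these two concern a vendor driver that is not in the archive, and recording that in a NOTE line with the AMD reference, the way CVE-2023-20569 at the top of this hunk carries NOTE lines. The same applies to the ASP and SMM entries retagged in this hunk (CVE-2023-20566, CVE-2023-20565, CVE-2023-20563): the commit message "NFUs" gives no rationale a later reader could check.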
@@ -70454,7 +70454,7 @@ CVE-2023-20535
 CVE-2023-20534
 	RESERVED
 CVE-2023-20533 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker to impr ...)
 	NOT-FOR-US: AMD
 CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
@@ -70468,7 +70468,7 @@ CVE-2023-20528 (Insufficient input validation in the SMU may allow a physical at
 CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may allow a pr ...)
 	NOT-FOR-US: AMD
 CVE-2023-20526 (Insufficient input validation in the ASP Bootloader may enable a privi ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow  ...)
 	NOT-FOR-US: AMD
 CVE-2023-20524 (An attacker with a compromised ASP could possibly send malformed comma ...)
@@ -70478,11 +70478,11 @@ CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond
 CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
 	NOT-FOR-US: AMD
 CVE-2023-20521 (TOCTOU in the ASP Bootloader may allow an attacker with physical acces ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an attack ...)
 	NOT-FOR-US: AMD
 CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP guest conte ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20518
 	RESERVED
 CVE-2023-20517
@@ -115543,7 +115543,7 @@ CVE-2021-46776
 CVE-2021-46775 (Improper input validation in ABL may enable an attacker with physical  ...)
 	NOT-FOR-US: AMD
 CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker  ...)
 	NOT-FOR-US: AMD
 CVE-2021-46772
@@ -115559,7 +115559,7 @@ CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attac
 CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
 	NOT-FOR-US: AMD
 CVE-2021-46766 (Improper clearing of sensitive data in the ASP Bootloader may expose s ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker with a comp ...)
 	NOT-FOR-US: AMD
 CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an attacker to  ...)
@@ -115575,7 +115575,7 @@ CVE-2021-46760 (A malicious or compromised UApp or ABL can send a malformed syst
 CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution Enviro ...)
 	NOT-FOR-US: AMD
 CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD Secure  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46757
 	RESERVED
 CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...)
@@ -115595,7 +115595,7 @@ CVE-2021-46750
 CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
 	NOT-FOR-US: AMD
 CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46747
 	RESERVED
 CVE-2021-46746
@@ -129695,7 +129695,7 @@ CVE-2022-23832
 CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD \u03bcProf ma ...)
 	NOT-FOR-US: AMD
 CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP is enabl ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-23829
 	RESERVED
 CVE-2022-23828
@@ -129729,9 +129729,9 @@ CVE-2022-23823 (A potential vulnerability in some AMD processors using frequency
 CVE-2022-23822 (In this physical attack, an attacker may potentially exploit the Zynq- ...)
 	NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL)
 CVE-2022-23821 (Improper access control in System Management Mode (SMM) may allow an a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-23820 (Failure to validate the AMD SMM communication buffer may allow an atta ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-23819
 	RESERVED
 CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...)
@@ -191732,7 +191732,7 @@ CVE-2021-26346 (Failure to validate the integer operand in ASP (AMD Secure Proce
 	NOT-FOR-US: AMD
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031
 CVE-2021-26345 (Failure to validate the value in APCB may allow a privileged attacker  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-26344
 	RESERVED
 CVE-2021-26343 (Insufficient validation in ASP BIOS and DRTM commands may allow malici ...)
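Review bot: CVE-2021-26345 receives a bare "NOT-FOR-US: AMD", while CVE-2021-26346 directly above it has the same tag plus a NOTE pointing at an AMD security bulletin. If CVE-2021-26345 is covered by an AMD bulletin as well, add the matching NOTE line so that both entries document their source in the same way.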



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36ee72f2f5f4b3494439ccc7bdd193e4991b6c33
