[Git][security-tracker-team/security-tracker][master] Consider two Linux CVEs as unimportant after kernel-sec triage

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 25 06:16:42 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e378fc0e by Salvatore Bonaccorso at 2024-12-25T07:16:10+01:00
Consider two Linux CVEs as unimportant after kernel-sec triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -92002,8 +92002,9 @@ CVE-2024-0675 (Vulnerability of improper checking for unusual or exceptional con
 CVE-2024-0674 (Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machin ...)
 	NOT-FOR-US: Lamassu Bitcoin ATM Douro machines
 CVE-2024-0564 (A flaw was found in the Linux kernel's memory deduplication mechanism. ...)
-	- linux <unfixed>
+	- linux <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2258514
+	NOTE: Inherent design limitation, can be avoided by not using KSM
 CVE-2023-6943 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe  ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2023-6942 (Missing Authentication for Critical Function vulnerability in Mitsubis ...)
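Review bot: the new NOTE on CVE-2024-0564 says the issue "can be avoided by not using KSM" but gives a later triager no handle on what that means in practice, and the (unimportant) rating rests on exactly that mitigation. Consider making the note actionable, e.g. `NOTE: KSM is opt-in; merging is controlled via /sys/kernel/mm/ksm/run (0 disables ksmd)`, so the reader can verify the mitigation rather than take it on trust. Keeping the entry as `- linux <unfixed> (unimportant)` rather than `<not-affected>` is the right call, since the kernel still exposes the behaviour when KSM is turned on.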
@@ -164750,11 +164751,10 @@ CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and esc
 CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page Table Iso ...)
-	- linux <unfixed>
-	[bookworm] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
-	[bullseye] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
+	- linux <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
 	NOTE: https://www.willsroot.io/2022/12/entrybleed.html
+	NOTE: Ignored upstream and KASLR is not expected to be resistant to local attacks.
 CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...)
 	NOT-FOR-US: SAP
 CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web Intelligenc ...)
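Review bot: collapsing the two per-suite `[bookworm]`/`[bullseye] - linux <postponed>` lines into a single `- linux <unfixed> (unimportant)` is the consistent way to express this, since the severity on the unversioned entry covers all suites and the line counts in the hunk header (11 to 10) match; but the new NOTE's "Ignored upstream" claim is not backed by any reference in the entry, as the two existing NOTEs point only to the original oss-security post and the researcher's writeup. Consider adding a NOTE with the upstream discussion or the kernel-sec decision so the rationale can be checked later instead of re-triaged. The second half of the note would also read more precisely as `KASLR is not designed to resist local attackers; a local unprivileged side channel such as EntryBleed is outside its threat model`.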



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e378fc0e4e2f49216e0ff7d805e6f4a99ba017bc
