[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 12 21:56:49 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abfc9ff2 by Salvatore Bonaccorso at 2025-08-12T22:56:18+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -419,7 +419,7 @@ CVE-2025-24303 (Improper check for unusual or exceptional conditions in the Linu
 CVE-2025-24302 (Uncontrolled recursion for some TinyCBOR libraries maintained by Intel ...)
 	TODO: check
 CVE-2025-24296 (Improper input validation in some firmware for the Intel(R) E810 Ether ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-23241 (Integer overflow or wraparound in the Linux kernel-mode driver for som ...)
 	TODO: check
 CVE-2025-22893 (Insufficient control flow management in the Linux kernel-mode driver f ...)
@@ -447,7 +447,7 @@ CVE-2025-22834 (AMI APTIOV contains a vulnerability in BIOS where a user may cau
 CVE-2025-22830 (APTIOV contains a vulnerability in BIOS where a skilled user may cause ...)
 	NOT-FOR-US: AMI
 CVE-2025-22392 (Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Stan ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-21096 (Improper buffer restrictions in the firmware for some Intel(R) TDX may ...)
 	TODO: check
 CVE-2025-21093 (Uncontrolled search path element for some Intel(R) Driver & Suppor ...)
@@ -459,9 +459,9 @@ CVE-2025-21090 (Missing reference to active allocated resource for some Intel(R)
 CVE-2025-21086 (Improper input validation in the Linux kernel-mode driver for some Int ...)
 	TODO: check
 CVE-2025-20627 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler s ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20625 (Improper conditions check for some Intel(R) PROSet/Wireless WiFi Softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20613 (Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmw ...)
 	TODO: check
 CVE-2025-20109 (Improper Isolation or Compartmentalization in the stream cache mechani ...)
@@ -477,29 +477,29 @@ CVE-2025-20092 (Uncontrolled search path for some Clock Jitter Tool software bef
 CVE-2025-20090 (Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology ...)
 	TODO: check
 CVE-2025-20087 (Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20077 (Missing release of memory after effective lifetime in the UEFI OobRasM ...)
 	TODO: check
 CVE-2025-20074 (Time-of-check Time-of-use race condition for some Intel(R) Connectivit ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20067 (Observable timing discrepancy in firmware for some Intel(R) CSME and I ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20053 (Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmw ...)
 	- intel-microcode <unfixed>
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
 CVE-2025-20048 (Uncontrolled search path for the Intel(R) Trace Analyzer and Collector ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20044 (Improper locking for some Intel(R) TDX Module firmware before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20037 (Time-of-check time-of-use race condition in firmware for some Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20025 (Uncontrolled recursion for some TinyCBOR libraries maintained by Intel ...)
 	TODO: check
 CVE-2025-20023 (Incorrect default permissions for some Intel(R) Graphics Driver softwa ...)
 	TODO: check
 CVE-2025-20017 (Uncontrolled search path for some Intel(R) oneAPI Toolkit and componen ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-54678 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
 	NOT-FOR-US: Siemens
 CVE-2024-52964 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
@@ -527,7 +527,7 @@ CVE-2024-40588 (Multiple relative path traversal vulnerabilities [CWE-23] in For
 CVE-2024-38805 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
 	TODO: check
 CVE-2024-33607 (Out-of-bounds read in some Intel(R) TDX module software before version ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-26009 (An authentication bypass using an alternate path or channel [CWE-288]  ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-45584 (A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abfc9ff2542f11e9d33657071590a4bdb266a255

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abfc9ff2542f11e9d33657071590a4bdb266a255
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250812/e08b5c22/attachment.htm>

More information about the debian-security-tracker-commits mailing list