[Git][security-tracker-team/security-tracker][master] Process several NFUs from AMD

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 12 14:59:55 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acd93c71 by Salvatore Bonaccorso at 2025-02-12T15:58:40+01:00
Process several NFUs from AMD

Note for reviewers: It is not entirely transparent if some might be
mitigated with microcode update as well, in which case we might reassign
the specific CVE to amd64-microcode package.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -129,9 +129,9 @@ CVE-2024-29171 (Dell BSAFE SSL-J contains an Improper certificate verification v
 CVE-2024-21971 (Improper input validation in AMD Crash Defender could allow an attacke ...)
 	NOT-FOR-US: AMD
 CVE-2024-21925 (Improper input validation within the AmdPspP2CmboxV2 driver may allow  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-21924 (SMM callout vulnerability within the AmdPlatformRasSspSmm driver could ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-13821 (The WP Booking Calendar plugin for WordPress is vulnerable to Unauthen ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13800 (The ConvertPlus plugin for WordPress is vulnerable to unauthorized mod ...)
@@ -175,7 +175,7 @@ CVE-2024-12164 (The WPSyncSheets Lite For WPForms \u2013 WPForms Google Spreadsh
 CVE-2024-11746 (The Discover the Best Woocommerce Product Brands Plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0179 (SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver co ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2024-0145 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
 	NOT-FOR-US: NVIDIA nvJPEG2000 library
 CVE-2024-0144 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
@@ -189,15 +189,15 @@ CVE-2024-0112 (NVIDIA Jetson AGX Orin\u2122 and NVIDIA IGX Orin software contain
 CVE-2023-49780 (Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 an ...)
 	NOT-FOR-US: acmailer CGI
 CVE-2023-31352 (A bug in the SEV firmware may allow an attacker with privileges to rea ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31345 (Improper input validation in the SMM handler may allow a privileged at ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31343 (Improper input validation in the SMM handler may allow a privileged at ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31342 (Improper input validation in the SMM handler may allow a privileged at ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-31331 (Improper access control in the DRTM firmware could allow a privileged  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-26495 (Cleartext Storage of Sensitive Information vulnerability in Salesforce ...)
 	NOT-FOR-US: Salesforce Tableau Server
 CVE-2025-26494 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
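
Review bot: CVE-2023-31352 (SEV firmware) and CVE-2023-31331 (DRTM firmware) are the two entries in this hunk whose descriptions name firmware rather than an SMM handler, so they are where the commit message's open question about amd64-microcode applies most directly. Consider leaving those two at TODO: check until the fix delivery path is confirmed, and switching only CVE-2023-31345, CVE-2023-31343 and CVE-2023-31342 to NOT-FOR-US: AMD in this commit.
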
@@ -192527,9 +192527,9 @@ CVE-2023-20584 (IOMMU improperly handles certain special address ranges with inv
 CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...)
 	NOT-FOR-US: AMD
 CVE-2023-20582 (Improper handling of invalid nested page table entries in the IOMMU ma ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20581 (Improper access control in the IOMMU may allow a privileged attacker t ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20580
 	RESERVED
 CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may allow a  ...)
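
Review bot: nothing in the list records that CVE-2023-20582 and CVE-2023-20581 were closed while the microcode question from the commit message was still open. The new tags are consistent with the context entries CVE-2023-20584 and CVE-2023-20583, which already read NOT-FOR-US: AMD, but that also means a later reassignment of any IOMMU entry to amd64-microcode would have to re-check those neighbours by hand. Listing the affected CVE ids in the commit message would make that follow-up searchable.
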
@@ -192682,7 +192682,7 @@ CVE-2023-20517
 CVE-2023-20516
 	RESERVED
 CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS could all ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20514
 	RESERVED
 CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management Firmware) may a ...)
@@ -192696,9 +192696,9 @@ CVE-2023-20510 (An insufficient DRAM address validation in PMFW may allow a priv
 CVE-2023-20509 (An insufficient DRAM address validation in PMFW may allow a privileged ...)
 	NOT-FOR-US: AMD
 CVE-2023-20508 (Improper access control in the ASP could allow a privileged attacker t ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20507 (An integer overflow in the ASP could allow a privileged attacker to pe ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20506
 	RESERVED
 CVE-2023-20505
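
Review bot: the decision for the ASP entries CVE-2023-20508 and CVE-2023-20507 has no reference a reviewer can follow, since the descriptions in the hunk are truncated at "..." and the commit message cites no vendor bulletin. Adding the advisory reference used for triage to the commit message would let a reviewer confirm that no Debian-packaged component is involved.
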



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acd93c712690c01d1f68623794ef46c6703837df
