[Git][security-tracker-team/security-tracker][master] Add new AMD cpu issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 8 18:12:58 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
310ac317 by Salvatore Bonaccorso at 2025-07-08T19:12:15+02:00
Add new AMD cpu issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2024-36357 [TSA-L1 (TSA in the L1 data cache)]
+	- amd64-microcode <unfixed>
+	- xen <unfixed>
+	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
+	NOTE: https://xenbits.xen.org/xsa/advisory-471.html
+	NOTE: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
+	NOTE: https://aka.ms/enter-exit-leak
+	NOTE: https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
+	TODO: check amd64-microcode update covering the updates
+CVE-2024-36350 [TSA-SQ (TSA in the Store Queues)]
+	- amd64-microcode <unfixed>
+	- xen <unfixed>
+	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
+	NOTE: https://xenbits.xen.org/xsa/advisory-471.html
+	NOTE: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
+	NOTE: https://aka.ms/enter-exit-leak
+	NOTE: https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
+	TODO: check amd64-microcode update covering the updates
 CVE-2025-7346 (Any unauthenticated attacker can bypass the localhost  restrictions po ...)
 	- pyload <itp> (bug #1001980)
 CVE-2025-7327 (The Widget for Google Reviews plugin for WordPress is vulnerable to Di ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310ac3177bd1e54fcfc941c0c2b10b4239b0ba6c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/310ac3177bd1e54fcfc941c0c2b10b4239b0ba6c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250708/9df12dd2/attachment.htm>

More information about the debian-security-tracker-commits mailing list