[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3634{8,9 (associate it with amd64-microcode, hw vulnerability)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 10 08:13:49 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89994d65 by Salvatore Bonaccorso at 2025-07-10T08:46:52+02:00
Add CVE-2024-3634{8,9 (associate it with amd64-microcode, hw vulnerability)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -981,9 +981,23 @@ CVE-2024-49784 (IBM OpenPages with Watson 8.3 and 9.0 could provide weaker tha
CVE-2024-49783 (IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than ex ...)
NOT-FOR-US: IBM
CVE-2024-36349 (A transient execution vulnerability in some AMD processors may allow a ...)
- TODO: check
+ - amd64-microcode <unfixed> (unimportant)
+ NOTE: https://xenbits.xen.org/xsa/advisory-471.html
+ NOTE: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
+ NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
+ NOTE: https://aka.ms/enter-exit-leak
+ NOTE: https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
+ NOTE: Not planned to be fixed, as leakage of TSC_AUX does not result in leakage of sensitive
+ NOTE: information.
CVE-2024-36348 (A transient execution vulnerability in some AMD processors may allow a ...)
- TODO: check
+ - amd64-microcode <unfixed> (unimportant)
+ NOTE: https://xenbits.xen.org/xsa/advisory-471.html
+ NOTE: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
+ NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
+ NOTE: https://aka.ms/enter-exit-leak
+ NOTE: https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
+ NOTE: Not planned to be fixed, as leakage of CPU Configuration does not result in leakage
+ NOTE: of sensitive information.
CVE-2024-31854 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...)
NOT-FOR-US: Siemens
CVE-2024-31853 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89994d6528df940ab730a6eace3988baf4539031
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89994d6528df940ab730a6eace3988baf4539031
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250710/117991cc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list