[Git][security-tracker-team/security-tracker][master] Add additional information and association with amd64-microcode for CVE-2024-36347

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40e14238 by Salvatore Bonaccorso at 2025-03-06T12:34:36+01:00
Add additional information and association with amd64-microcode for CVE-2024-36347

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,12 @@
-CVE-2024-36347
+CVE-2024-36347 [AMD CPU Microcode Signature Verification Vulnerability]
+	- amd64-microcode <unfixed> (bug #1095470)
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2336412
+	NOTE: https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
+	NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/3
+	NOTE: Kernel stop-gap mitigation: https://www.openwall.com/lists/oss-security/2025/03/06/3
+	NOTE: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bb2281fb05e50108ce95c43ab7e701ee564565c8
 CVE-2024-56202 [Expect header field can unreasonably retain resource]
 	- trafficserver <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40e1423831f9724b623b57fb51eec6b5ef0e848b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40e1423831f9724b623b57fb51eec6b5ef0e848b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250306/0671da01/attachment-0001.htm>