[Git][security-tracker-team/security-tracker][master] Add CVE-2024-31073/level-zero

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52872310 by Salvatore Bonaccorso at 2025-05-15T21:05:59+02:00
Add CVE-2024-31073/level-zero

The advisory itself is quite scarce on information and we only know that
it is fixed in level-zero 1.5.4 and later. Every version in Debian was
after that, so track it with beeing fixed before the initial upload to
Debian.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -464,7 +464,8 @@ CVE-2024-36292 (Improper buffer restrictions for some Intel(R) Data Center GPU F
 CVE-2024-31150 (Out-of-bounds read for some Intel(R) Graphics Driver software may allo ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2024-31073 (Uncontrolled search path for some Intel(R) oneAPI Level Zero software  ...)
-	TODO: check
+	- level-zero <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01274.html
 CVE-2024-29222 (Out-of-bounds write for some Intel(R) Graphics Driver software may all ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics Driver instal ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52872310d15f02df91db2132f12402f732faba96

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52872310d15f02df91db2132f12402f732faba96
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250515/b7dbaccc/attachment.htm>