[Git][security-tracker-team/security-tracker][master] Consider issues from INTEL-SA-01356 as NFU (Intel)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Nov 16 14:00:23 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38f04b6d by Salvatore Bonaccorso at 2025-11-16T14:57:47+01:00
Consider issues from INTEL-SA-01356 as NFU (Intel)
In theory those are in likely in the Linux driver, as the sadvisory
contains a clear reference to the linux-intel-lts branches which contain
Linux LTS series, more precisely "Intel LTS kernel, the kernel tree is a
reference tree that contains enabling for Intel CPU's that may be
up-streamed in a newer kernel version."
It is thus very likely the issues would affect as well any upstreamed
verison of the driver itself, but then it should be covered by the Linux
kernel CNA.
Gut feeling is, that is safe to mark those now as NFU and rather
continue following upstream stable series for Linux and get (or even
have gotten already) the fixes at some point.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1692,7 +1692,7 @@ CVE-2025-32449 (Unquoted search path for some PRI Driver software before version
CVE-2025-32446 (Untrusted pointer dereference for some Intel QuickAssist Technology so ...)
NOT-FOR-US: Intel
CVE-2025-32091 (Incorrect default permissions in some firmware for the Intel(R) Arc(TM ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-32088 (Improper conditions check for some Intel(R) QAT Windows software befor ...)
NOT-FOR-US: Intel
CVE-2025-32038 (Uncontrolled search path for some FPGA Support Package for the Intel o ...)
@@ -1710,7 +1710,7 @@ CVE-2025-31937 (Out-of-bounds read for some Intel(R) QAT Windows software before
CVE-2025-31931 (Uncontrolled search path for the Instrumentation and Tracing Technolog ...)
NOT-FOR-US: Intel
CVE-2025-31647 (Uncontrolled search path for some Intel(R) Graphics Software before ve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-31645 (Uncontrolled search path for some System Event Log Viewer Utility soft ...)
NOT-FOR-US: Intel
CVE-2025-31146 (Time-of-check time-of-use race condition for some Intel Ethernet Adapt ...)
@@ -1750,7 +1750,7 @@ CVE-2025-26405 (Improper control of dynamically-managed code resources for some
CVE-2025-26402 (Protection mechanism failure for some Intel(R) NPU Drivers within Ring ...)
TODO: check
CVE-2025-25216 (Improper input validation in some firmware for some Intel(R) Graphics ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-25059 (Uncontrolled search path for some Intel(R) One Boot Flash Update (Inte ...)
NOT-FOR-US: Intel
CVE-2025-24918 (Improper link resolution before file access ('link following') for som ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f04b6d6392d7a98bd9fe975eb6680ade933b47
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f04b6d6392d7a98bd9fe975eb6680ade933b47
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251116/def60f32/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list