[Git][security-tracker-team/security-tracker][master] mark several AMD GPU issues as NFU: AMD
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 12 22:44:36 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a42d8300 by Moritz Muehlenhoff at 2025-09-12T23:44:19+02:00
mark several AMD GPU issues as NFU: AMD
These are all for issues in th proprietary Radeon drivers and not for the
stack present in Debian which consists mostly of DRM drivers in Linux
(and which are all covered by the Linux CNA)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1866,17 +1866,17 @@ CVE-2025-0032 (Improper cleanup in AMD CPU microcode patch loading could allow a
CVE-2025-0011 (Improper removal of sensitive information before storage or transfer i ...)
NOT-FOR-US: AMD
CVE-2025-0010 (An out of bounds write in the Linux graphics driver could allow an att ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-0009 (A NULL pointer dereference in AMD Crash Defender could allow an attack ...)
NOT-FOR-US: AMD
CVE-2024-36354 (Improper input validation for DIMM serial presence detect (SPD) metada ...)
NOT-FOR-US: AMD
CVE-2024-36352 (Improper input validation in the AMD Graphics Driver could allow an at ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-36346 (Improper input validation in AMD Power Management Firmware (PMFW) coul ...)
NOT-FOR-US: AMD
CVE-2024-36342 (Improper input validation in the GPU driver could allow an attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-36326 (Missing authorization in AMD RomArmor could allow an attacker to bypas ...)
NOT-FOR-US: AMD
CVE-2024-21970 (Improper validation of an array index in the AND power Management Firm ...)
@@ -1890,13 +1890,13 @@ CVE-2023-31351 (Improper restriction of operations in the IOMMU could allow a ma
CVE-2023-31330 (An out-of-bounds read in the ASP could allow a privileged attacker wit ...)
NOT-FOR-US: AMD
CVE-2023-31326 (Use of an uninitialized variable in the ASP could allow an attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31325 (Improper isolation of shared resources on System-on-a-chip (SOC) could ...)
NOT-FOR-US: AMD
CVE-2023-31322 (Type confusion in the ASP could allow an attacker to pass a malformed ...)
NOT-FOR-US: AMD
CVE-2023-31306 (Improper validation of an array index in the AMD graphics driver softw ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-9943 (An SQL injection vulnerability has been identified in the "ID" attribu ...)
{DSA-5994-1}
- shibboleth-sp 3.5.1+dfsg-1 (bug #1114506)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42d83004692faccebf5da6f3b3f1394e0de956c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42d83004692faccebf5da6f3b3f1394e0de956c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250912/89bdc4db/attachment.htm>
More information about the debian-security-tracker-commits
mailing list