[Git][security-tracker-team/security-tracker][master] Mark some more CVEs as NFU for AMD
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 13 09:06:03 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f6c828d by Salvatore Bonaccorso at 2025-09-13T10:04:47+02:00
Mark some more CVEs as NFU for AMD
While it is not entirely clear if they might be as well covered in
amd64-microcode, they explicitly state they have mitigations in AMD EPYC
Platform Initialization (PI) firmware. So for now mark them as NFU.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2024-21965
+ NOT-FOR-US: AMD
CVE-2025-9556 (Langchaingo supports the use of jinja2 syntax when parsing prompts, wh ...)
NOT-FOR-US: Langchaingo
CVE-2025-8699 (Some "Stored Value" Unattended Payment Solutions of KioSoft use vulner ...)
@@ -1862,7 +1864,7 @@ CVE-2025-10029 (A security flaw has been discovered in itsourcecode POS Point of
CVE-2025-0034 (Insufficient parameter sanitization in TEE SOC Driver could allow an a ...)
NOT-FOR-US: AMD
CVE-2025-0032 (Improper cleanup in AMD CPU microcode patch loading could allow an att ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-0011 (Improper removal of sensitive information before storage or transfer i ...)
NOT-FOR-US: AMD
CVE-2025-0010 (An out of bounds write in the Linux graphics driver could allow an att ...)
@@ -262617,6 +262619,7 @@ CVE-2023-20573 (A privileged attacker can prevent delivery of debug exceptions t
NOT-FOR-US: AMD
CVE-2023-20572
RESERVED
+ NOT-FOR-US: AMD
CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
NOT-FOR-US: AMD
CVE-2023-20570 (Insufficient verification of data authenticity in the configuration st ...)
@@ -262701,6 +262704,7 @@ CVE-2023-20541
RESERVED
CVE-2023-20540
RESERVED
+ NOT-FOR-US: AMD
CVE-2023-20539
RESERVED
CVE-2023-20538
@@ -307993,7 +307997,7 @@ CVE-2021-46752
CVE-2021-46751
RESERVED
CVE-2021-46750 (Failure to validate the address and size in TEE (Trusted Execution Env ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
NOT-FOR-US: AMD
CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...)
@@ -384152,7 +384156,7 @@ CVE-2021-26385
CVE-2021-26384 (A malformed SMI (System Management Interface) command may allow an att ...)
NOT-FOR-US: AMD
CVE-2021-26383 (Insufficient bounds checking in AMD TEE (Trusted Execution Environment ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26382 (An attacker with root account privileges can load any legitimately sig ...)
NOT-FOR-US: AMD
CVE-2021-26381
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6c828d9150de02c127a0018f2631138ffbc271
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6c828d9150de02c127a0018f2631138ffbc271
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250913/b4099110/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list