[Git][security-tracker-team/security-tracker][master] Add some new AMD CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 10 21:33:34 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bf14360 by Salvatore Bonaccorso at 2026-02-10T22:33:03+01:00
Add some new AMD CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -317,21 +317,26 @@ CVE-2025-62439 (An Improper Verification of Source of a Communication Channel vu
 CVE-2025-55018 (An inconsistent interpretation of http requests ('http request smuggli ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-54514 (Improper isolation of shared resources on a system on a chip by a mali ...)
-	TODO: check
+	- amd64-microcode <unfixed>
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-52536 (Improper Prevention of Lock Bit Modification in SEV firmware could all ...)
-	TODO: check
+	- amd64-microcode <unfixed>
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-52534 (Improper bound check within AMD CPU microcode can allow a malicious gu ...)
-	TODO: check
+	- amd64-microcode <unfixed>
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-52436 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-48517 (Insufficient Granularity of Access Control in SEV firmware could allow ...)
-	TODO: check
+	- amd64-microcode <unfixed>
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-48515 (Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48514 (Insufficient Granularity of Access Control in SEV firmware can allow a ...)
-	TODO: check
+	- amd64-microcode <unfixed>
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
 CVE-2025-48509 (Missing Checks in certain functions related to RMP initialization can  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-40587 (A vulnerability has been identified in Polarion V2404 (All versions <  ...)
 	NOT-FOR-US: Siemens
 CVE-2025-36522 (Incorrect default permissions for some Intel(R) Chipset Software befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf14360a579c6e59d894f0be51c910134923473

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf14360a579c6e59d894f0be51c910134923473
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260210/7ceae629/attachment.htm>

More information about the debian-security-tracker-commits mailing list