[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add two more products covered by Intel CNA rule
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 10 21:43:22 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0bf94aa by Salvatore Bonaccorso at 2026-02-10T22:42:33+01:00
auto-nfu: Add two more products covered by Intel CNA rule
- - - - -
9f868b64 by Salvatore Bonaccorso at 2026-02-10T22:43:03+01:00
Process some NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -340,11 +340,11 @@ CVE-2025-48509 (Missing Checks in certain functions related to RMP initializatio
CVE-2025-40587 (A vulnerability has been identified in Polarion V2404 (All versions < ...)
NOT-FOR-US: Siemens
CVE-2025-36522 (Incorrect default permissions for some Intel(R) Chipset Software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-36511 (Incorrect default permissions for some Intel(R) Memory and Storage Too ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-35999 (Incorrect permission assignment for critical resource for some System ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-35998 (Missing protection mechanism for alternate hardware interface in the I ...)
TODO: check
CVE-2025-35992 (Improper conditions check in some firmware for some Intel(R) NPU Drive ...)
@@ -360,7 +360,7 @@ CVE-2025-32467 (Use of uninitialized variable for some TDX Module before version
CVE-2025-32453 (Incorrect default permissions for some Intel(R) Graphics Driver softwa ...)
TODO: check
CVE-2025-32452 (Uncontrolled search path for some AI Playground before version 2.6.1 b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-32092 (Insecure inherited permissions for some Intel(R) Graphics Software bef ...)
TODO: check
CVE-2025-32008 (Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) ...)
@@ -408,6 +408,7 @@ CVE-2025-27243 (Out-of-bounds write in the firmware for some Intel(R) Ethernet C
CVE-2025-25210 (Improper input validation for some Server Firmware Update Utility(SysF ...)
TODO: check
CVE-2025-25058 (Improper initialization for some ESXi kernel mode driver for the Intel ...)
+ NOT-FOR-US: Intel
TODO: check
CVE-2025-24851 (Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet C ...)
TODO: check
=====================================
data/packages/nfu.yaml
=====================================
@@ -446,6 +446,7 @@
- cna: intel
- anyOf:
- product: ACAT
+ - product: AI Playground
- product: AI Playground software
- product: Display Virtualization for Windows OS software
- product: Edge Orchestrator software
@@ -458,6 +459,7 @@
- product: Intel(R) CIP software
- product: Intel(R) Distribution for Python software installers
- product: Intel(R) Killer(TM) Performance Suite software
+ - product: Intel(R) Memory and Storage Tool
- product: Intel(R) Neural Compressor software
- product: Intel(R) One Boot Flash Update (Intel(R) OFU) software
- product: Intel(R) PROSet/Wireless WiFi Software for Windows
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4bf14360a579c6e59d894f0be51c910134923473...9f868b64d0037ea0fa544f95c06f76ac408da5ae
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4bf14360a579c6e59d894f0be51c910134923473...9f868b64d0037ea0fa544f95c06f76ac408da5ae
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260210/4ebffb63/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list