Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
39964dc9 by Salvatore Bonaccorso at 2025-08-12T22:45:03+02:00
Add new intel-microcode issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -329,7 +329,9 @@ CVE-2025-32932 (An Improper neutralization of input during
web page generation (
CVE-2025-32766 (A stack-based buffer overflow vulnerability [CWE-121] in
Fortinet Fort ...)
NOT-FOR-US: Fortinet
CVE-2025-32086 (Improperly implemented security check for standard in the
DDRIO config ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-32004 (Improper input validation in the Intel Edger8r Tool for some
Intel(R) ...)
TODO: check
CVE-2025-30034 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
@@ -361,7 +363,9 @@ CVE-2025-26470 (Incorrect default permissions for some
Intel(R) Distribution for
CVE-2025-26404 (Uncontrolled search path for some Intel(R) DSA software before
version ...)
TODO: check
CVE-2025-26403 (Out-of-bounds write in the memory subsystem for some Intel(R)
Xeon(R) ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-26398 (SolarWinds Database Performance Analyzer was found to contain
a hard-c ...)
NOT-FOR-US: SolarWinds
CVE-2025-25273 (Insufficient control flow management in the Linux kernel-mode
driver f ...)
@@ -407,7 +411,9 @@ CVE-2025-24323 (Improper access control in some firmware
package and LED mode to
CVE-2025-24313 (Improper access control for some Device Plugins for Kubernetes
softwar ...)
TODO: check
CVE-2025-24305 (Insufficient control flow management in the Alias Checking
Trusted Mod ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-24303 (Improper check for unusual or exceptional conditions in the
Linux kern ...)
TODO: check
CVE-2025-24302 (Uncontrolled recursion for some TinyCBOR libraries maintained
by Intel ...)
@@ -419,13 +425,19 @@ CVE-2025-23241 (Integer overflow or wraparound in the
Linux kernel-mode driver f
CVE-2025-22893 (Insufficient control flow management in the Linux kernel-mode
driver f ...)
TODO: check
CVE-2025-22889 (Improper handling of overlap between protected memory ranges
for some ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-22853 (Improper synchronization in the firmware for some Intel(R) TDX
may all ...)
TODO: check
CVE-2025-22840 (Sequence of processor instructions leads to unexpected
behavior for so ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01308.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-22839 (Insufficient granularity of access control in the OOB-MSM for
some Int ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-22838 (Uncontrolled search path for some Intel(R) RealSense(TM)
Dynamic Calib ...)
TODO: check
CVE-2025-22836 (Integer overflow or wraparound in the Linux kernel-mode driver
for som ...)
@@ -441,7 +453,9 @@ CVE-2025-21096 (Improper buffer restrictions in the
firmware for some Intel(R) T
CVE-2025-21093 (Uncontrolled search path element for some Intel(R) Driver
& Suppor ...)
TODO: check
CVE-2025-21090 (Missing reference to active allocated resource for some
Intel(R) Xeon( ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-21086 (Improper input validation in the Linux kernel-mode driver for
some Int ...)
TODO: check
CVE-2025-20627 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++
Compiler s ...)
@@ -451,7 +465,9 @@ CVE-2025-20625 (Improper conditions check for some Intel(R)
PROSet/Wireless WiFi
CVE-2025-20613 (Predictable Seed in Pseudo-Random Number Generator (PRNG) in
the firmw ...)
TODO: check
CVE-2025-20109 (Improper Isolation or Compartmentalization in the stream cache
mechani ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-20099 (Improper access control for some Intel(R) Rapid Storage
Technology ins ...)
TODO: check
CVE-2025-20093 (Improper check for unusual or exceptional conditions in the
Linux kern ...)
@@ -469,7 +485,9 @@ CVE-2025-20074 (Time-of-check Time-of-use race condition
for some Intel(R) Conne
CVE-2025-20067 (Observable timing discrepancy in firmware for some Intel(R)
CSME and I ...)
TODO: check
CVE-2025-20053 (Improper buffer restrictions for some Intel(R) Xeon(R)
Processor firmw ...)
- TODO: check
+ - intel-microcode <unfixed>
+ NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
+ NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-20048 (Uncontrolled search path for the Intel(R) Trace Analyzer and
Collector ...)
TODO: check
CVE-2025-20044 (Improper locking for some Intel(R) TDX Module firmware before
version ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39964dc984a87efc1975aeb0b33fea287a21bb87
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39964dc984a87efc1975aeb0b33fea287a21bb87
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
