Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
abfc9ff2 by Salvatore Bonaccorso at 2025-08-12T22:56:18+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -419,7 +419,7 @@ CVE-2025-24303 (Improper check for unusual or exceptional
conditions in the Linu
CVE-2025-24302 (Uncontrolled recursion for some TinyCBOR libraries maintained
by Intel ...)
TODO: check
CVE-2025-24296 (Improper input validation in some firmware for the Intel(R)
E810 Ether ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-23241 (Integer overflow or wraparound in the Linux kernel-mode driver
for som ...)
TODO: check
CVE-2025-22893 (Insufficient control flow management in the Linux kernel-mode
driver f ...)
@@ -447,7 +447,7 @@ CVE-2025-22834 (AMI APTIOV contains a vulnerability in BIOS
where a user may cau
CVE-2025-22830 (APTIOV contains a vulnerability in BIOS where a skilled user
may cause ...)
NOT-FOR-US: AMI
CVE-2025-22392 (Out-of-bounds read in firmware for some Intel(R) AMT and
Intel(R) Stan ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-21096 (Improper buffer restrictions in the firmware for some Intel(R)
TDX may ...)
TODO: check
CVE-2025-21093 (Uncontrolled search path element for some Intel(R) Driver
& Suppor ...)
@@ -459,9 +459,9 @@ CVE-2025-21090 (Missing reference to active allocated
resource for some Intel(R)
CVE-2025-21086 (Improper input validation in the Linux kernel-mode driver for
some Int ...)
TODO: check
CVE-2025-20627 (Uncontrolled search path for some Intel(R) oneAPI DPC++/C++
Compiler s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20625 (Improper conditions check for some Intel(R) PROSet/Wireless
WiFi Softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20613 (Predictable Seed in Pseudo-Random Number Generator (PRNG) in
the firmw ...)
TODO: check
CVE-2025-20109 (Improper Isolation or Compartmentalization in the stream cache
mechani ...)
@@ -477,29 +477,29 @@ CVE-2025-20092 (Uncontrolled search path for some Clock
Jitter Tool software bef
CVE-2025-20090 (Untrusted Pointer Dereference for some Intel(R) QuickAssist
Technology ...)
TODO: check
CVE-2025-20087 (Incorrect default permissions for some Intel(R) oneAPI
DPC++/C++ Compi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20077 (Missing release of memory after effective lifetime in the UEFI
OobRasM ...)
TODO: check
CVE-2025-20074 (Time-of-check Time-of-use race condition for some Intel(R)
Connectivit ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20067 (Observable timing discrepancy in firmware for some Intel(R)
CSME and I ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20053 (Improper buffer restrictions for some Intel(R) Xeon(R)
Processor firmw ...)
- intel-microcode <unfixed>
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
CVE-2025-20048 (Uncontrolled search path for the Intel(R) Trace Analyzer and
Collector ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20044 (Improper locking for some Intel(R) TDX Module firmware before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20037 (Time-of-check time-of-use race condition in firmware for some
Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-20025 (Uncontrolled recursion for some TinyCBOR libraries maintained
by Intel ...)
TODO: check
CVE-2025-20023 (Incorrect default permissions for some Intel(R) Graphics
Driver softwa ...)
TODO: check
CVE-2025-20017 (Uncontrolled search path for some Intel(R) oneAPI Toolkit and
componen ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-54678 (A vulnerability has been identified in SIMATIC PCS neo V4.1
(All versi ...)
NOT-FOR-US: Siemens
CVE-2024-52964 (An Improper Limitation of a Pathname to a Restricted Directory
('Path ...)
@@ -527,7 +527,7 @@ CVE-2024-40588 (Multiple relative path traversal
vulnerabilities [CWE-23] in For
CVE-2024-38805 (EDK2 contains a vulnerability in BIOS where a user may cause
an Intege ...)
TODO: check
CVE-2024-33607 (Out-of-bounds read in some Intel(R) TDX module software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-26009 (An authentication bypass using an alternate path or channel
[CWE-288] ...)
NOT-FOR-US: Fortinet
CVE-2023-45584 (A double free vulnerability [CWE-415] in Fortinet FortiOS
version 7.4. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abfc9ff2542f11e9d33657071590a4bdb266a255
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abfc9ff2542f11e9d33657071590a4bdb266a255
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
