Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a42d8300 by Moritz Muehlenhoff at 2025-09-12T23:44:19+02:00
mark several AMD GPU issues as NFU: AMD
These are all for issues in th proprietary Radeon drivers and not for the
stack present in Debian which consists mostly of DRM drivers in Linux
(and which are all covered by the Linux CNA)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1866,17 +1866,17 @@ CVE-2025-0032 (Improper cleanup in AMD CPU microcode
patch loading could allow a
CVE-2025-0011 (Improper removal of sensitive information before storage or
transfer i ...)
NOT-FOR-US: AMD
CVE-2025-0010 (An out of bounds write in the Linux graphics driver could allow
an att ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-0009 (A NULL pointer dereference in AMD Crash Defender could allow an
attack ...)
NOT-FOR-US: AMD
CVE-2024-36354 (Improper input validation for DIMM serial presence detect
(SPD) metada ...)
NOT-FOR-US: AMD
CVE-2024-36352 (Improper input validation in the AMD Graphics Driver could
allow an at ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-36346 (Improper input validation in AMD Power Management Firmware
(PMFW) coul ...)
NOT-FOR-US: AMD
CVE-2024-36342 (Improper input validation in the GPU driver could allow an
attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2024-36326 (Missing authorization in AMD RomArmor could allow an attacker
to bypas ...)
NOT-FOR-US: AMD
CVE-2024-21970 (Improper validation of an array index in the AND power
Management Firm ...)
@@ -1890,13 +1890,13 @@ CVE-2023-31351 (Improper restriction of operations in
the IOMMU could allow a ma
CVE-2023-31330 (An out-of-bounds read in the ASP could allow a privileged
attacker wit ...)
NOT-FOR-US: AMD
CVE-2023-31326 (Use of an uninitialized variable in the ASP could allow an
attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-31325 (Improper isolation of shared resources on System-on-a-chip
(SOC) could ...)
NOT-FOR-US: AMD
CVE-2023-31322 (Type confusion in the ASP could allow an attacker to pass a
malformed ...)
NOT-FOR-US: AMD
CVE-2023-31306 (Improper validation of an array index in the AMD graphics
driver softw ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2025-9943 (An SQL injection vulnerability has been identified in the "ID"
attribu ...)
{DSA-5994-1}
- shibboleth-sp 3.5.1+dfsg-1 (bug #1114506)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42d83004692faccebf5da6f3b3f1394e0de956c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42d83004692faccebf5da6f3b3f1394e0de956c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
