From 8450267c819518220cd8f0fc149d6783c65511ac Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 17 Nov 2021 14:37:42 +0100 Subject: NFUs --- data/CVE/2020.list | 12 ++++++------ data/CVE/2021.list | 34 +++++++++++++++++----------------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 9cff56eedc..d19863922d 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -22161,7 +22161,7 @@ CVE-2020-21641 CVE-2020-21640 RESERVED CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...) - TODO: check + NOT-FOR-US: Ruijie CVE-2020-21638 RESERVED CVE-2020-21637 @@ -22185,7 +22185,7 @@ CVE-2020-21629 CVE-2020-21628 RESERVED CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...) - TODO: check + NOT-FOR-US: Ruijie CVE-2020-21626 RESERVED CVE-2020-21625 @@ -41977,13 +41977,13 @@ CVE-2020-12956 CVE-2020-12955 RESERVED CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...) - TODO: check + NOT-FOR-US: AMD CVE-2020-12953 RESERVED CVE-2020-12952 RESERVED CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...) - TODO: check + NOT-FOR-US: AMD CVE-2020-12950 RESERVED CVE-2020-12949 @@ -41993,11 +41993,11 @@ CVE-2020-12948 CVE-2020-12947 RESERVED CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...) - TODO: check + NOT-FOR-US: AMD CVE-2020-12945 RESERVED CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...) - TODO: check + NOT-FOR-US: AMD CVE-2020-12943 RESERVED CVE-2020-12942 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index f07cdda9d3..d6c51129be 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -41915,13 +41915,13 @@ CVE-2021-26340 CVE-2021-26339 RESERVED CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26334 RESERVED CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...) @@ -41929,29 +41929,29 @@ CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform S CVE-2021-26332 RESERVED CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26328 RESERVED CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26324 RESERVED CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26319 RESERVED CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...) @@ -41962,7 +41962,7 @@ CVE-2021-26317 CVE-2021-26316 RESERVED CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...) NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in @@ -41975,7 +41975,7 @@ CVE-2021-26313 (Potential speculative code store bypass in all supported CPU pro NOTE: https://xenbits.xen.org/xsa/advisory-375.html NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...) - TODO: check + NOT-FOR-US: AMD CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...) NOT-FOR-US: AMD CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...) @@ -42968,7 +42968,7 @@ CVE-2021-25942 CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...) NOT-FOR-US: Node deep-override CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...) - TODO: check + - arangodb (bug #761817) CVE-2021-25939 RESERVED CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...) -- cgit v1.2.3