There are 3 open security issues in bookworm.
1 important issue:
- CVE-2023-28746:
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
2 issues left for the package maintainer to handle:
- CVE-2024-2193:
(postponed; to be fixed through a stable update)
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
- CVE-2023-46841:
(postponed; to be fixed through a stable update)
You can find information about how to handle these issues in the security team's documentation.