[Git][security-tracker-team/security-tracker][master] new AMD GPU issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ee4783e by Moritz Muehlenhoff at 2024-01-23T09:24:03+01:00
new AMD GPU issue

While related fixes might also be needed in the Linux drivers, the gist of
the fixes will be in the firmware, so tracking this for firmware-nonfree.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1160,7 +1160,11 @@ CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 al
 CVE-2023-51381
 	REJECTED
 CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel (even fro ...)
-	TODO: check
+	- firmware-nonfree <unfixed>
+	[bookworm] - firmware-nonfree <postponed> (Minor issue, revisit when updates are available)
+	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+	NOTE: https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/
+	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6010.html
 CVE-2023-4797 (The Newsletters WordPress plugin before 4.9.3 does not properly escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4757 (The Staff / Employee Business Directory for Active Directory WordPress ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ee4783e5d93c11c4db5075b3479475ab5deb3ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ee4783e5d93c11c4db5075b3479475ab5deb3ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240123/f5abd12f/attachment.htm>