Bug#913467: nvidia-graphics-drivers: CVE‑2018‑6260: access to application data processed on the GPU through a side channel exposed by the GPU performance counters

Moritz Mühlenhoff jmm at inutil.org
Mon Feb 18 21:57:59 GMT 2019


On Mon, Nov 12, 2018 at 02:36:23PM +0000, Luca Boccassi wrote:
> On Mon, 2018-11-12 at 13:47 +0100, Andreas Beckmann wrote:
> > On 2018-11-11 13:54, Luca Boccassi wrote:
> > > https://nvidia.custhelp.com/app/answers/detail/a_id/4738
> > 
> > So we expect new releases soon. There is already 415.* ...
> > 
> > Please refrain from any uploads for now while I'm preparing
> > infrastructure changes. I'll do a 390.87-3 upload soon, thereafter
> > you
> > could update that in sid. If there are some pkern commits in the
> > repository, use them, if not, they will come with -2.
> > 
> > (Procedure in 390:
> > do all commits incl. finalization of changelog in 390
> > merge into master
> > upload from master
> > )
> > 
> > Andreas
> 
> Ok, I see -3 is now in unstable (thanks!) so if something comes out for
> the 390 branch I'll follow that procedure and upload to unstable from
> master.
> 
> What about -legacy-390xx?
> 
> > PS: finally a reason to push 390 to stretch, lets do it soon at the
> > beginning of the new point release cycle
> 
> Yes, sounds good, 384 is not maintained anymore.

I'm confused by all the branches in buster. Can you please confirm
which are fixed for CVE-2018-6260 and which are not? (And if so, which
version in sid fixed it):

nvidia-graphics-drivers: 390.87-8 (sid: 410.93-2)
nvidia-graphics-drivers-legacy-390xx: 390.87-6 (sid the same)
nvidia-graphics-drivers-legacy-340xx: 340.107-3 (sid the same)
nvidia-graphics-drivers-legacy-304xx: not in testing

Cheers,
        Moritz



More information about the pkg-nvidia-devel mailing list