Bug#913467: nvidia-graphics-drivers: CVE‑2018‑6260: access to application data processed on the GPU through a side channel exposed by the GPU performance counters
Andreas Beckmann
anbe at debian.org
Wed Feb 20 11:41:10 GMT 2019
On 2019-02-19 17:42, Moritz Muehlenhoff wrote:
>> Unfortunately we have no idea - NVIDIA's security tracker was never
>> updated after the initial mention of the CVE:
>>
>> https://nvidia.custhelp.com/app/answers/detail/a_id/4738
>
> Ack, we can revisit once more information is available.
There was an upstream changelog entries that appeared for the 340.xx
series in the 410.93 release:
- Added a new kernel module parameter,
NVreg_RestrictProfilingToAdminUsers,
to allow restricting the use of GPU performance counters to system
administrators only.
but that was not announced afaik. That change should be in sid (410.xx)
and experimental (415.xx) (but there haven't been 340/390 releases
since). But the entry is again missing from the 418.xx beta upstream
changelog, which could either indicate a missing upstream merge or a
revert ...
Andreas
More information about the pkg-nvidia-devel
mailing list