Control: severity -1 important

Hello,

Andreas Beckmann, on Wed. 20 Feb. 2019 12:41:10 +0100, wrote:
> On 2019-02-19 17:42, Moritz Muehlenhoff wrote:
> >> Unfortunately we have no idea - NVIDIA's security tracker was never
> >> updated after the initial mention of the CVE:
> >>
> >> https://nvidia.custhelp.com/app/answers/detail/a_id/4738
> >
> > Ack, we can revisit once more information is available.
>
> There was an upstream changelog entry that appeared for the 340.xx
> series in the 410.93 release:
>
> - Added a new kernel module parameter,
>   NVreg_RestrictProfilingToAdminUsers,
>   to allow restricting the use of GPU performance counters to system
>   administrators only.
>
> but that was not announced afaik. That change should be in sid (410.xx)
> and experimental (415.xx) (but there haven't been 340/390 releases
> since). But the entry is again missing from the 418.xx beta upstream
> changelog, which could either indicate a missing upstream merge or a
> revert ...

At least in the meanwhile users have a way to avoid the issue, so
downgrading the bug severity.

(personally, I believe users shouldn't ever trust these GPUs for
security, and it's not a question of software)

Samuel
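
One way to check whether the workaround mentioned above is active on a host, as an added example that is not part of the original message or of the driver packaging. It assumes the loaded driver lists its parameters as "Name: value" lines in /proc/driver/nvidia/params without the NVreg_ prefix; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Report whether GPU performance counters are restricted to administrators.
#
# Assumption: the loaded driver exposes its parameters as "Name: value"
# lines in /proc/driver/nvidia/params, without the NVreg_ prefix.
#
# To enable the restriction, a modprobe.d line such as
#   options nvidia NVreg_RestrictProfilingToAdminUsers=1
# is needed before the module loads. The module name "nvidia" is an
# assumption; a distribution may package the module under another name.

PARAMS_FILE=${PARAMS_FILE:-/proc/driver/nvidia/params}

# Prints one of: restricted | unrestricted | unsupported | not-loaded
profiling_state() {
    file=${1:-$PARAMS_FILE}
    # No readable params file: the driver is not loaded on this host.
    [ -r "$file" ] || { echo not-loaded; return 0; }
    value=$(awk -F': *' \
        '$1 == "RestrictProfilingToAdminUsers" { print $2; exit }' "$file")
    case $value in
        "") echo unsupported ;;    # driver version without the parameter
        0)  echo unrestricted ;;   # any user can read the counters
        *)  echo restricted ;;     # counters limited to administrators
    esac
}

# Constructed sample of the params file, not captured from a real system.
sample_params() {
    printf 'EnableMSI: 1\nRestrictProfilingToAdminUsers: %s\n' "$1"
}

# Stand-alone use: report the state of the running driver.
profiling_state
```

A result of "unsupported" covers the case raised in the quoted message, where a driver series ships without the parameter.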