Source: firmware-nonfree
Version: 20230625-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for firmware-nonfree.

CVE-2023-4969[0]:
| A GPU kernel can read sensitive data from another GPU kernel (even
| from another user or app) through an optimized GPU memory region
| called _local memory_ on various architectures.

There are though some unclarities about this, so just filing for keeping track of the issue. [1] mentions that AMD expects to start rolling out mitigations beginning of March 2024, so we might see then more where the mitigations lie and if firmware-nonfree is correct. They mention there rather "upcoming driver updates".

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4969
    https://www.cve.org/CVERecord?id=CVE-2023-4969
[1] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6010.html

Regards,
Salvatore