CVE-2023-4969

2024-01-1617:15:08

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-4969

gpu

sensitive data

local memory

unix

architecture

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.7%

JSON

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called local memory on various architectures.

OSVersionArchitecturePackageVersionFilename
Debian12allfirmware-nonfree<= 20230210-5firmware-nonfree_20230210-5_all.deb
Debian11allfirmware-nonfree<= 20210315-3firmware-nonfree_20210315-3_all.deb
Debian10allfirmware-nonfree<= 20190114-2firmware-nonfree_20190114-2_all.deb
Debian999allfirmware-nonfree<= 20230625-2firmware-nonfree_20230625-2_all.deb
Debian13allfirmware-nonfree<= 20230625-2firmware-nonfree_20230625-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	firmware-nonfree	<= 20230210-5	firmware-nonfree_20230210-5_all.deb
Debian	11	all	firmware-nonfree	<= 20210315-3	firmware-nonfree_20210315-3_all.deb
Debian	10	all	firmware-nonfree	<= 20190114-2	firmware-nonfree_20190114-2_all.deb
Debian	999	all	firmware-nonfree	<= 20230625-2	firmware-nonfree_20230625-2_all.deb
Debian	13	all	firmware-nonfree	<= 20230625-2	firmware-nonfree_20230625-2_all.deb