[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: An example of hardware/software vulns - GPUs

What is the scope constraint for hardware vulnerabilities? Dropping iOS devices in most fluids leads to a DoS condition.

Tom Millar, US-CERT

Sent from +1-202-631-1915

From: owner-cve-editorial-board-list@lists.mitre.org on behalf of Art Manion
Sent: Thursday, July 13, 2017 1:58:22 PM
To: Kurt Seifried; cve-editorial-board-list
Subject: Re: An example of hardware/software vulns - GPUs

On 2017-07-10 00:04, Kurt Seifried wrote:
> https://www.aimlab.org/haochen/papers/npc16-overflow.pdf
> I really think CVE needs to consider more/better hardware coverage.

I only skimmed the first few pages, but got the impression that paper says "GPU architecture is different that modern CPUs, especially around memory layout/protection" and it isn't immediately clear to me where responsibility for any vulnerability lies.  Is it simply not possible to write memory-corruption-proof code for GPUs?

Regardless, I have no problem with issuing CVE IDs for hardware vulnerabilities.  I'm just claiming that they are rare, and usually involve low-level software.

 - Art

Page Last Updated or Reviewed: July 13, 2017