[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: An example of hardware/software vulns - GPUs



On 2017-07-10 00:04, Kurt Seifried wrote:
> https://www.aimlab.org/haochen/papers/npc16-overflow.pdf
> 
> I really think CVE needs to consider more/better hardware coverage.

I only skimmed the first few pages, but got the impression that paper 
says "GPU architecture is different that modern CPUs, especially around 
memory layout/protection" and it isn't immediately clear to me where 
responsibility for any vulnerability lies.  Is it simply not possible 
to write memory-corruption-proof code for GPUs?

Regardless, I have no problem with issuing CVE IDs for hardware 
vulnerabilities.  I'm just claiming that they are rare, and usually 
involve low-level software.

 - Art


Page Last Updated or Reviewed: July 13, 2017