
Re: An example of hardware/software vulns - GPUs



On 07/13/2017 08:17 AM, Millar, Thomas wrote:
> So the answer turns out to be that if we want greater coverage of true
> hardware vulnerabilities, we need to figure out how to include exactly
> what needs to be covered in the Counting Rules definitions and then
> update the documentation. I think Kurt’s point about tolerances
> inherited from product standards and/or marketing pronouncements is a
> reasonable starting point.

I'd also like to posit that DoS is a much broader category than say
"privilege escalation" for physical things and that we might want to
specifically state that "due to the ability to physically smash/inject
glue into/wrap in duct tape the category of attacks that result in
physical DoS of a given object or system must show some property that
allows an attacker to very easily achieve this goal or the DoS is
especially severe and threatening and take it on a case by case basis.
And we might end up with a bunch of CVEs for attacks that can't easily
be addressed/fixed, but at least people might be more aware of the risks
involved and take other measures.


-- 

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com


Page Last Updated or Reviewed: July 13, 2017