Memory Leak Affecting firmware-nonfree package, versions *


Severity

Recommended
low

Based on Debian security rating

    Threat Intelligence

    EPSS
    0.07% (30th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN12-FIRMWARENONFREE-6184657
  • published 23 Jan 2024
  • disclosed 16 Jan 2024

How to fix?

There is no fixed version for Debian:12 firmware-nonfree.

NVD Description

Note: Versions mentioned in the description apply only to the upstream firmware-nonfree package and not the firmware-nonfree package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called local memory on various architectures.

CVSS Scores

version 3.1
Expand this section

NVD

6.5 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    None
  • Scope (S)
    Changed
  • Confidentiality (C)
    High
  • Integrity (I)
    None
  • Availability (A)
    None