Ensure that dom0 kernel is kept up to date if GPU acceleration is used #8972
Labels
C: GPU acceleration
C: infrastructure
C: kernel
P: major
Priority: major. Between "default" and "critical" in severity.
security
This issue pertains to the security of Qubes OS.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
How to file a helpful issue
The problem you're addressing (if any)
Linux does not have any analog of the Xen security predisclosure process. Any GPU driver vulnerabilities will become 0days at the time the patch is posted to the respective mailing list, which is before the fix is available to users.
The solution you'd like
Ensure that if GPU acceleration is turned on, every kernel update is treated as providing security fixes. This means that they will be available in security-testing very soon (less than a week, preferably a day or less) after being released by the Linux stable release team.
The value to a user, and who that user might be
Users using GPU acceleration will not need to fear long patch gaps.
The text was updated successfully, but these errors were encountered: