| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Jan 2011 09:09:08 -0700 From: gran@...ssic.chem.msu.su To: bugtraq@...urityfocus.com Subject: CUDA drivers/Linux security hole Hello, We have recently found serious security breach in CUDA Linux drivers: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm In brief, driver maps pinned memory to user space but does not initialize it to zero. As an example, our simplest "proof of concept" program was able to read large fragments of files being written or read by other users. Kind regards, Alex Granovsky Firefly Project http://classic.chem.msu.su/gran/firefly/
Powered by blists - more mailing lists