oss-sec mailing list archives
Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access
From: Eugene Teo <eugene () redhat com>
Date: Thu, 21 Jan 2010 16:52:10 +0800
On 01/21/2010 04:44 PM, Eugene Teo wrote:
Quoting from the patch description: "This patch workaround a possible security issue which can allow user to abuse drm on r6xx/r7xx hw to access any system ram memory. This patch doesn't break userspace, it detect "valid" old use of CB_COLOR[0-7]_FRAG
[...]
The attack is theoretical. To exploit this you need access to the drm device file which is usually set to 666 to allow users to have 3D acceleration.
Sorry, correction, you need to be root to open the drm device file. However, Jerome discussed with me that it is possible if you use an X program and use dri/dri2 to get access to the gpu cs ioctl. I have cc'ed Jerome to this email who can help answer queries if there are any.
Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Eugene Teo (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Eugene Teo (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Ludwig Nussel (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Jerome Glisse (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Ludwig Nussel (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Eugene Teo (Jan 21)