oss-sec mailing list archives
Palinopsia bug
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 3 Apr 2015 13:07:17 +0200
Hi, As far as I can see this hasn't been posted here yet: https://hsmr.cc/palinopsia/ tl;dr It may be possible to read out parts of previous screen states from the buffer of your graphics card. This can leak data across users, VMs and survives reboots. I'd say these are vulnerabilities in the graphics drivers. It is to be expected that on a multi user system data is not leaked from one account to another (however there are other situations where this also happens, e.g. the fact that on vanilla linux users can see other users processes). A device driver should not leak data across users. (and yes, I know this is not new and has been pointed out before - even more reason to fix it) Redhat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1076240 Haven't found any infos on fixes yet. I think people of affected GPUs (mine isn't) should report these issues as security vulnerabilities to their graphics driver developers. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Palinopsia bug Hanno Böck (Apr 03)