Date: Thu, 21 Jan 2010 16:52:10 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>,
        Jerome Glisse <jglisse@...hat.com>
Subject: Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible
 security issue, system ram access

On 01/21/2010 04:44 PM, Eugene Teo wrote:
> Quoting from the patch description:
> "This patch workaround a possible security issue which can allow user to
> abuse drm on r6xx/r7xx hw to access any system ram memory. This patch
> doesn't break userspace, it detect "valid" old use of CB_COLOR[0-7]_FRAG
[...]
> The attack is theoretical. To exploit this you need access to the drm
> device file which is usually set to 666 to allow users to have 3D
> acceleration.

Sorry, correction, you need to be root to open the drm device file. 
However, Jerome discussed with me that it is possible if you use an X 
program and use dri/dri2 to get access to the gpu cs ioctl. I have cc'ed 
Jerome to this email who can help answer queries if there are any.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team
