|
Message-ID: <20150403130717.47fe512d@pc1.railnet.train>
Date: Fri, 3 Apr 2015 13:07:17 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Palinopsia bug
Hi,
As far as I can see this hasn't been posted here yet:
https://hsmr.cc/palinopsia/
tl;dr It may be possible to read out parts of previous screen states
from the buffer of your graphics card. This can leak data across users,
VMs and survives reboots.
I'd say these are vulnerabilities in the graphics drivers.
It is to be expected that on a multi user system data is not leaked
from one account to another (however there are other situations where
this also happens, e.g. the fact that on vanilla linux users can see
other users processes). A device driver should not leak data across
users.
(and yes, I know this is not new and has been pointed out before - even
more reason to fix it)
Redhat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1076240
Haven't found any infos on fixes yet. I think people of affected GPUs
(mine isn't) should report these issues as security vulnerabilities to
their graphics driver developers.
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.