oss-sec mailing list archives
Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Thu, 21 Jan 2010 10:46:00 +0100
Eugene Teo wrote:
On 01/21/2010 04:44 PM, Eugene Teo wrote:Quoting from the patch description: "This patch workaround a possible security issue which can allow user to abuse drm on r6xx/r7xx hw to access any system ram memory. This patch doesn't break userspace, it detect "valid" old use of CB_COLOR[0-7]_FRAG[...]The attack is theoretical. To exploit this you need access to the drm device file which is usually set to 666 to allow users to have 3D acceleration.Sorry, correction, you need to be root to open the drm device file.
You lost me. Do you mean the driver itself checks for CAP_SYS_ADMIN for this particular operation? It wouldn't make much sense to set the device to 666 or have udev put ACLs on it otherwise. $ grep drm /lib/udev/rules.d/70-acl.rules SUBSYSTEM=="drm", KERNEL=="card*", ENV{ACL_MANAGE}="1" cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Eugene Teo (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Eugene Teo (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Ludwig Nussel (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Jerome Glisse (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Ludwig Nussel (Jan 21)
- Re: CVE request - kernel: drm/radeon: r6xx/r7xx possible security issue, system ram access Eugene Teo (Jan 21)