Date: Sat, 4 Sep 2021 04:44:08 +0200
From: Tomasz CEDRO <tomek@cedro.info>
To: Neel Chauhan <nc@freebsd.org>
Cc: freebsd-desktop@freebsd.org, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject: Re: malware in gpu adress space
Message-ID: <CAM8r67CUZxuqvCDSkT-1ztGhQ1AeXvHrpqPbc%2Bo7yLs0WgVp%2Bg@mail.gmail.com>
In-Reply-To: <54142f61126127c158644229e32ba99f@FreeBSD.org>
References: <CAM8r67CJQziZf=aKxBTCQ=sgdomG25fmqsSY0oTf3BHGHq6Zbw@mail.gmail.com> <54142f61126127c158644229e32ba99f@FreeBSD.org>

On Sat, Sep 4, 2021 at 4:06 AM Neel Chauhan wrote:
> Disclaimer: I work at Microsoft, but not on Windows. In fact, I am
> pretty much clueless on how NT works on the inside.
>
> On 2021-09-02 13:11, Tomasz CEDRO wrote:
> > I have found that article on hiding malware/rootkit in GPU address
> > space using OpenCL 2.0+ and launching it from there as evasion on
> > antivirus software.
> >
> > https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/
> >
> > Is it a bug/feature of Windows GPU drivers? Is it a bug/feature of OpenCL?
> > Is it possible on FreeBSD? :-)
>
> If you read this quote in the article:
>
> > According to the advertiser, the project works only on Windows systems
> > that support versions 2.0 and above of the OpenCL framework for
> > executing code on various processors, GPUs included.
>
> The app by itself can't run on FreeBSD as it exists today. It would
> depend on whether mesa has the same vulnerability as the Windows OpenGL
> implementation, or if it's a hardware vulnerability (in which case it
> can affect all OSes).
>
> I'm no expert on OpenCL. Yes, I've helped with drm-kmod 5.6-wip, but
> that's about it with GPU drivers.
>
> -Neel (nc@)

Just a curiosity and maybe a hint to someone who knows the internals
and might check whether we might have a similar problem in the GPU layer :-)

Looks like a design flaw / exploited feature of OpenCL 2.0+ ?

This is not part of base, but I was wondering if the problem is / may
be multiplatform :-)

Thanks for your time and reply Neel :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info