malware in gpu adress space
Neel Chauhan
nc at FreeBSD.org
Sat Sep 4 02:06:38 UTC 2021
Hi,
Disclaimer: I work at Microsoft, but not on Windows. In fact, I am
pretty much clueless on how NT works on the inside.
On 2021-09-02 13:11, Tomasz CEDRO wrote:
> I have found that article on hiding malware/rootkit in GPU address
> space using OpenCL 2.0+ and launching it from there as evasion on
> antivirus software.
>
> https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/
>
> Is it bug/feature of Windows GPU drivers? Is it bug/feature of OpenCL?
> Is it possible on FreeBSD? :-)
If you read this quote in the article:
> According to the advertiser, the project works only on Windows systems
> that support versions 2.0 and above of the OpenCL framework for
> executing code on various processors, GPUs included.
The app by itself can't run on FreeBSD as it exists today. It would
depend on whether mesa has the same vulnerability as the Windows OpenGL
implementation, or if it's a hardware vulnerability (in which case it
can affect all OSes).
I'm no expert on OpenCL. Yes, I've helped with drm-kmod 5.6-wip, but
that's about it with GPU drivers.
-Neel (nc@)
More information about the freebsd-questions
mailing list