Date:      Fri, 03 Sep 2021 19:06:26 -0700
From:      Neel Chauhan <nc@FreeBSD.org>
To:        Tomasz CEDRO <tomek@cedro.info>
Cc:        freebsd-desktop@freebsd.org, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: malware in gpu adress space
Message-ID:  <54142f61126127c158644229e32ba99f@FreeBSD.org>
In-Reply-To: <CAM8r67CJQziZf=aKxBTCQ=sgdomG25fmqsSY0oTf3BHGHq6Zbw@mail.gmail.com>
References:  <CAM8r67CJQziZf=aKxBTCQ=sgdomG25fmqsSY0oTf3BHGHq6Zbw@mail.gmail.com>

Hi,

Disclaimer: I work at Microsoft, but not on Windows. In fact, I am 
pretty much clueless on how NT works on the inside.

On 2021-09-02 13:11, Tomasz CEDRO wrote:
> I have found that article on hiding malware/rootkit in GPU address
> space using OpenCL 2.0+ and launching it from there as evasion on
> antivirus software.
> 
> https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/
> 
> Is it bug/feature of Windows GPU drivers? Is it bug/feature of OpenCL?
> Is it possible on FreeBSD? :-)

If you read this quote in the article:

> According to the advertiser, the project works only on Windows systems 
> that support versions 2.0 and above of the OpenCL framework for 
> executing code on various processors, GPUs included.

The app by itself can't run on FreeBSD as it exists today. It would 
depend on whether mesa has the same vulnerability as the Windows OpenGL 
implementation, or if it's a hardware vulnerability (in which case it 
can affect all OSes).

I'm no expert on OpenCL. Yes, I've helped with drm-kmod 5.6-wip, but 
that's about it with GPU drivers.

-Neel (nc@)


