Dangerous memory of your graphics adapter

Under the name "Palinopsia Bug" a group of developers report about graphics adapters that remember the contents of your screen even after rebooting the computer. This is achieved by simply accessing the content of the graphic card's frame buffer. While currently being just a proof of concept, the "Palinopsia Bug" could be a potential severe security issue.

Retrieved frame buffer content

ADVERTISEMENT

A team of developers on hsmr.cc wrote a small tool that makes it possible togain direct access to the graphic card's screen buffer. The tool enables the developers to read and display frames that were recently - however before the latest reboot - rendered by the graphics card. During their tests they were able to reproduce this issue with the following drivers:

  • Linux using the open source radeon driver for AMD/ATI cards
  • Linux using the open source nouveau-driver for nVidia-cards
  • Linux using the closed source nVidia-driver
  • Windows using the closed source AMD/ATI catalyst driver

And on these graphics adapters:

  • ATI Radeon HD3750
  • ATI Radeon HD4350/4550
  • nVidia NVS 5400M
  • nVidia GeForce GT650M

The Palinopsia Bug likely also works on other hardware and software combinations.

ADVERTISEMENT

For their exploit they simply allocated texture buffers without initializing them but rather retrieving the data of these buffers. Even after a reboot the buffers contained images that more or less indicated their previous content. The quality of this data seems to be related to the combination of hardware and driver. Three out of the four laptops they used did not erase that data upon reboot.

While this method not only allows programs on the local machine to access video data from before a reboot, it may also give virtual machines, that are supposed to be isolated, access to data on the physical hardware if hardware acceleration for 3D is active.

vm1

ADVERTISEMENT

The people who discovered this bug recommend to turn off your computer after accessing sensitive data.

No posts to display