Serious security issue with CUDA on Linux


We have recently found serious security breach in CUDA Linux drivers.
The problem is related to cudaHostAlloc/cuMemHostAlloc API calls. In brief,
driver maps pinned memory to user space but does not initialize it to zero.
As an example, our simplest “proof of concept” program was able to read large
fragments of files being written or read by other users.

More information on this bug is available here:

Kind regards,

Alex Granovsky
Firefly Project

I find it surprising that Linux does not automatically clear new memory pages…

Besides how many people might assume the memory returned from cudaHostMalloc is zeroed? When you memcpy a new device buffer to host memory you can see device memory is always zeroed…

Considering that people consider Linux’s kernel to be more secure than Windows, this shows in some cases the opposite is true.

Quick update on this…

We have a fix for this issue and will release updated drivers that contain the fix as well as a patch kit for previous drivers early next week.

When the new drivers and patch kit are available, we’ll post the links here.

Linux gives you the option to choose between zero’d (get_zeroed_pages) or non-zero’d memory (get_free_pages)

Seems like an easy enough fix at least ;)

Just allocate memory at initialization (like you should be) and the overhead from zero’ing will be fine.

The new driver is out with the bug fix for both 260 stable and 270 beta branches.

For convenience, direct links to the R260 drivers and patch kit below: