Abstract
We present a preliminary study of buffer overflow vulnerabilities in CUDA software running on GPUs. We show how an attacker can overrun a buffer to corrupt sensitive data or steer the execution flow by overwriting function pointers, e.g., manipulating the virtual table of a C++ object. In view of a potential mass market diffusion of GPU accelerated software this may be a major concern.
Similar content being viewed by others
References
Amazon: CUDA on AWS. http://aws.amazon.com/articles/7249489223918169
Anonymous: Once upon a free(). http://phrack.org/issues/57/9.html
Flux Research Group, University of Utah: KGPU. https://code.google.com/p/kgpu/
Khronos Group: OpenCL. http://www.khronos.org/opencl/
Khronos Group: OpenGL. https://www.opengl.org/
Khronos Group: WebGL. https://www.khronos.org/webgl
NVIDIA: CUDA binary utilities. http://docs.nvidia.com/cuda/cuda-binary-utilities/index.html
NVIDIA: CUDA programming guide. http://docs.nvidia.com/cuda/cuda-c-programming-guide/index.html (2014)
NVIDIA: Parallel thread execution ISA. http://docs.nvidia.com/cuda/parallel-thread-execution/ (2014)
One, A.: Smashing the stack for fun and profit. http://phrack.org/issues/49/14.html
Reynaud, D.: GPU powered malware, Ruxcon (2008)
Rix: SMASHING C++ VPTRS. http://phrack.org/issues/56/8.html
Roberto Di Pietro Flavio Lombardi, A.V.: CUDA leaks: information leakage in GPU architectures. arXiv:1305.7383
Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-oriented programming: systems, languages, and applications. ACM Trans. Info. Syst. Secur. 15(1), 2:1–2:34 (2012)
Silberstein, M., Ford, B., Keidar, I., Witchel, E.: GPUfs: integrating a file system with GPUs. SIGARCH Comput. Archit. News 41(1), 485–498 (2013). doi:10.1145/2490301.2451169
Vasiliadis, G., Polychronakis, M., Ioannidis, S.: GPU-assisted malware. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 1–6 (2010). doi:10.1109/MALWARE.2010.5665801
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Miele, A. Buffer overflow vulnerabilities in CUDA: a preliminary analysis. J Comput Virol Hack Tech 12, 113–120 (2016). https://doi.org/10.1007/s11416-015-0251-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-015-0251-1