Potential Side-channel during Graphics Rendering
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
onboard (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
Dear Ubuntu Development Team,
We're a group of researchers from the University of California, Riverside. We recently discovered that the Onboard keyboard application takes a variable amount of time to render the highlight effect depending on the input character. As a result, an unprivileged attacker could potentially utilize a flush+reload cache side-channel attack to measure the execution time of said functions to infer users' text input. We verified this using the Onboard 1.2.0-0ubuntu5 that comes with Ubuntu 16.04.03 LTS.
The side-channel resides in the Cairo graphics library. We contacted the Cairo development team and they instructed us to contact you instead.
For detailed information please refer to our paper in the link below. We would be very happy to work with you to address this issue. Please let us know what you think.
https:/
Sincerely,
Daimeng Wang
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: onboard 1.2.0-0ubuntu5
ProcVersionSign
Uname: Linux 4.4.0-101-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.1-0ubuntu2.13
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Apr 24 14:19:48 2019
InstallationDate: Installed on 2016-01-07 (1203 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: onboard
UpgradeStatus: Upgraded to xenial on 2017-11-21 (519 days ago)
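A maintainer-side check for the behaviour the report describes, as an added example that is not part of the bug report and is not Onboard or Cairo code: it compares per-key render-time samples with Welch's t-test and flags key pairs whose timing distributions are distinguishable. The function names, the 4.5 threshold (a convention from TVLA/dudect-style leakage testing) and the sample values are assumptions constructed for illustration.

```python
# Added example: pairwise timing-leakage check for a per-key render routine.
# Names and sample values are constructed; nothing here is measured from Onboard.
import math
import statistics
import time

T_THRESHOLD = 4.5  # assumed cut-off, conventional in TVLA/dudect-style tests

def welch_t(a, b):
    """Welch's t statistic for two independent timing samples."""
    mean_diff = statistics.mean(a) - statistics.mean(b)
    denom = math.sqrt(statistics.variance(a) / len(a) + statistics.variance(b) / len(b))
    if denom == 0:  # both samples constant: identical means cannot be told apart
        return 0.0 if mean_diff == 0 else math.copysign(math.inf, mean_diff)
    return mean_diff / denom

def time_render(render, key, runs=200):
    """Collect per-call durations (ns) of render(key); render is any callable."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter_ns()
        render(key)
        samples.append(time.perf_counter_ns() - start)
    return samples

def leaky_pairs(timings, threshold=T_THRESHOLD):
    """Return (key1, key2, t) for key pairs with distinguishable render times."""
    keys = sorted(timings)
    flagged = []
    for i, k1 in enumerate(keys):
        for k2 in keys[i + 1:]:
            t = welch_t(timings[k1], timings[k2])
            if abs(t) > threshold:
                flagged.append((k1, k2, round(t, 1)))
    return flagged

# Constructed durations (any consistent unit); "w" is deliberately slower.
SAMPLE = {
    "a": [101, 99, 100, 102, 98, 100, 101, 99],
    "b": [100, 101, 99, 100, 102, 98, 100, 100],
    "w": [131, 129, 130, 132, 128, 130, 131, 129],
}

if __name__ == "__main__":
    for k1, k2, t in leaky_pairs(SAMPLE):
        print(f"{k1!r} vs {k2!r}: t = {t}")
```

In a regression test, `time_render` would be pointed at the real highlight-drawing call for each key and the result passed to `leaky_pairs`; an empty list means no key pair exceeded the threshold at that sample size.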
information type: Private Security → Public Security
Changed in onboard (Ubuntu):
status: New → Confirmed
Hi! Thanks for reporting this issue.
That's an interesting paper, I assume it has been published already?
Is there any reason to keep this bug private?
I'm a bit puzzled why the Cairo team would think we would be able to correct this, though there are a lot of different components to the issue. Perhaps making the bug public would allow someone capable of solving this issue to comment in it.
Can I make this bug public?