In association with heise online

02 August 2012, 10:09

Vulnerability in proprietary NVIDIA driver for Linux

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom A demonstration of the exploit in action

Linux kernel and developer Dave Airlie has published a program that exploits a vulnerability in NVIDIA's proprietary graphics driver on Linux to give root privileges to an arbitrary user on the system. The program was handed to Airlie anonymously and, he says, it was disclosed to NVIDIA over a month ago. NVIDIA has apparently not responded, so he is publishing it now as requested by the original author.

Airlie, who maintains the Direct Rendering Manager (DRM) subsystem in the kernel, describes the malicious code: it uses the /dev/nvidia0 device to move the VGA window until it reaches a kernel memory region in physical RAM which it can manipulate to perform a privilege escalation. In a short test by The H's associates at heise open on a Fedora 17 system with the current version 295.59 of the NVIDIA driver, the program managed to effortlessly give a normal user root access.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit