Vulnerability in proprietary NVIDIA driver for Linux
A demonstration of the exploit in action
Linux kernel and X.org developer Dave Airlie has published a program that exploits a vulnerability in NVIDIA's proprietary graphics driver on Linux to give root privileges to an arbitrary user on the system. The program was handed to Airlie anonymously and, he says, it was disclosed to NVIDIA over a month ago. NVIDIA has apparently not responded, so he is publishing it now as requested by the original author.
Airlie, who maintains the Direct Rendering Manager (DRM) subsystem in the kernel, describes the malicious code: it uses the /dev/nvidia0 device to move the VGA window until it reaches a kernel memory region in physical RAM which it can manipulate to perform a privilege escalation. In a short test by The H's associates at heise open on a Fedora 17 system with the current version 295.59 of the NVIDIA driver, the program managed to effortlessly give a normal user root access.
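As an added defensive check (not code from the article, from Airlie, or from NVIDIA), the following script reads the driver version from /proc/driver/nvidia/version and reports whether it matches or predates 295.59, the version the article's test confirmed as affected, and whether /dev/nvidia0, the device the exploit needs, is world-accessible. The /proc line format and the sample line are assumptions; the page names no fixed version, so newer builds are only reported as untested.

```python
import os
import re
import stat
from typing import Optional, Tuple

# Version the article's Fedora 17 test confirmed as exploitable. No fixed
# version is stated on the page, so newer builds are reported as untested.
AFFECTED_VERSION = (295, 59)

# Assumed format of the first line of /proc/driver/nvidia/version, e.g.
# "NVRM version: NVIDIA UNIX x86_64 Kernel Module  295.59  Wed Jun  6 ..."
NVRM_RE = re.compile(r"NVRM version:.*?Kernel Module\s+(\d+)\.(\d+)")

# Constructed sample line for offline use (not captured from a real host).
SAMPLE_PROC_VERSION = (
    "NVRM version: NVIDIA UNIX x86_64 Kernel Module  295.59  "
    "Wed Jun  6 21:19:40 PDT 2012\nGCC version:  gcc version 4.7.0\n"
)


def parse_nvrm_version(text: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) from /proc/driver/nvidia/version contents."""
    m = NVRM_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def version_status(version: Optional[Tuple[int, int]]) -> str:
    """Classify a driver version relative to the confirmed-affected build."""
    if version is None:
        return "unknown"
    return "affected-or-older" if version <= AFFECTED_VERSION else "untested-newer"


def mode_world_accessible(mode: int) -> bool:
    """True if 'other' has read or write on the device node (exploit precondition)."""
    return bool(mode & (stat.S_IROTH | stat.S_IWOTH))


def check_host(proc_path="/proc/driver/nvidia/version", dev_path="/dev/nvidia0") -> dict:
    """Collect both findings from the live system; missing files yield None."""
    try:
        with open(proc_path) as f:
            version = parse_nvrm_version(f.read())
    except OSError:
        version = None
    try:
        world = mode_world_accessible(os.stat(dev_path).st_mode)
    except OSError:
        world = None
    return {"version": version, "status": version_status(version), "dev_world_rw": world}


if __name__ == "__main__":
    print(check_host())
```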
(fab)