sent to nvidia over a month ago with no reply or advisory

Story: NVIDIA Fixes Linux GPU Driver Security HoleTotal Replies: 1
Author Content

Aug 05, 2012
8:33 AM EDT
Quoting:I was given this anonymously, it has been sent to nvidia over a month ago with no reply or advisory and the original author wishes to remain anonymous but would like to have the exploit published at this time, so I said I'd post it for them.

It basically abuses the fact that the /dev/nvidia0 device accept changes to the VGA window and moves the window around until it can read/write to somewhere useful in physical RAM, then it just does an priv escalation by writing directly to kernel memory.

This NVIDIA Linux binary exploit has already been brought up within our forums.

This isn't the first time the NVIDIA binary Linux graphics driver has had a security vulnerability but just months ago there was another high-risk flaw. An earlier flaw was known for years before it was finally corrected about a half-decade ago within the NVIDIA Linux driver.

Aug 05, 2012
3:45 PM EDT

OOPS - sent to wrong thread! Sorry!

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!