NVIDIA Linux Driver Hack Gives You Root Access?

Asked by AG Restringere

Link: http://www.phoronix.com/scan.php?page=news_item&px=MTE1MTk

Apparently there is a security vulnerability with the current Nvidia Drivers that gives the attacker root access?

Excerpt from Phoronix article:

"David Airlie published this NVIDIA hack today to a mailing list (the exploit is attached there as a single C file). Airlie isn't the original author of this hack but rather the code was passed onto him by an anonymous user(s). The code was forwarded to NVIDIA Corp more than one month ago, but the official NVIDIA Linux proprietary driver developers have yet to act on the vulnerability. As a result, it was decided to release this to the public. Now maybe NVIDIA will take care of it since this 760 lines of C code can provide root access to a system running the NVIDIA binary blob.
First up I didn't write this but I have executed it and it did work here,

I was given this anonymously, it has been sent to nvidia over a month ago with no reply or advisory and the original author wishes to remain anonymous but would like to have the exploit published at this time, so I said I'd post it for them.

It basically abuses the fact that the /dev/nvidia0 device accepts changes to the VGA window and moves the window around until it can read/write to somewhere useful in physical RAM, then it just does a priv escalation by writing directly to kernel memory."

Questions:

1. Which Nvidia Proprietary driver versions does this affect?

2. Should we update to a specific version to avoid this?

3. Are Nvidia 295.49 x86_64 drivers safe?

4. Is Ubuntu 12.04 LTS 3.2.0-27-generic #43-Ubuntu immune from this?

actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug and mark it as a vulnerability bug

Best Thomas Krüger (thkrueger) said :
#2

1. All recent versions of the proprietary driver are affected.
2. (see 1.)
3. no
4. no

The bug is rather serious and there is no fix yet. Since the driver is closed source, a fix must be provided by nVidia. There is no reaction from them yet.
If you are really concerned about security, you should consider using the Nouveau open source drivers (package: xserver-xorg-video-nouveau). They might have some limitations but are safe.

AG Restringere (ag-restringere-deactivatedaccount) said :
#3

Took your advice and added this as a bug: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/+bug/1032344

If you can confirm it to bump it up a bit it would be great to get some answers and a fix...

Sam_ (and-sam) said :
#4
AG Restringere (ag-restringere-deactivatedaccount) said :
#5

Thanks Thomas Krüger, that solved my question.