(LiveHacking.com) — Over a month ago, an anonymous coder sent Dave Airlie, who maintains the Direct Rendering Manager (DRM) subsystem in the Linux kernel, a small C program that allows an attacker to gain root access to a Linux machine by exploiting a vulnerability in NVIDIA’s Linux drivers.
The exploit uses a vulnerability in the /dev/nvidia0 device that allows the VGA window to be moved around until it can read and write to somewhere useful in physical RAM. The exploit then performs a root privilege escalation by writing directly to kernel memory.
More than a month has passed since information about the vulnerability was submitted to NVIDIA, and the graphics company has not responded. As a result, Airlie has made the exploit public.
“I was given this anonymously, it has been sent to nvidia over a month ago with no reply or advisory and the original author wishes to remain anonymous but would like to have the exploit published at this time, so I said I’d post it for them,” wrote Dave Airlie in a post to a security mailing list.
NVIDIA has now released version 304.32 of its drivers for Linux, FreeBSD and Solaris. The updated driver contains a hotfix to block access to the registers involved in this attack. At the same time NVIDIA has also blocked access to some other registers which it identified as being susceptible to a similar type of attack.
The 295.71 driver is available for download at the NVIDIA FTP site:
32-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86/295.71/
64-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86_64/295.71/
32-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86/295.71/
64-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86_64/295.71/
The 304.32 driver is also available for download at the NVIDIA FTP site:
32-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86/304.32/
64-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86_64/304.32/
32-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86/304.32/
64-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86_64/304.32/
Details about the updated driver and the patches are available at: http://nvidia.custhelp.com/app/answers/detail/a_id/3140