Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 430328

Summary: <x11-drivers/nvidia-drivers-295.71 <x11-drivers/nvidia-drivers-304.32 - privilege escalation through user space access to all memory regions through the VGA window
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: cardoe, spock, xarthisius
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Whiteboard:
Package list:
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2012-08-07 13:40:53 UTC 
NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges.

 Because any user with read and write access to the NVIDIA device files (which is needed to execute applications that use the GPU) could potentially exploit this vulnerability to gain access to arbitrary system memory, this vulnerability is classified as high risk by NVIDIA.

 NVIDIA is resolving this problem by blocking user-space access to registers that control redirection of the VGA window. Further, NVIDIA is also blocking user-space access to registers that control GPU-internal microcontrollers, which could be used to achieve a similar exploit.

 NVIDIA is committed to security and is working on more robust solutions to prevent malicious manipulations of GPUs.

 NVIDIA has released updated UNIX graphics drivers 295.71 and 304.32, which contain the fix.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2012-08-07 13:45:26 UTC 
In related news:

*nvidia-drivers-302.17-r1 (05 Aug 2012)
*nvidia-drivers-295.59-r1 (05 Aug 2012)

  05 Aug 2012; Doug Goldstein <cardoe@gentoo.org>
  +files/nvidia-blacklist-vga-pmu-registers-256-304.diff,
  +nvidia-drivers-295.59-r1.ebuild, -nvidia-drivers-302.17.ebuild,
  +nvidia-drivers-302.17-r1.ebuild:
  Fix CVE-2012-xxxx. With access to /dev/nvidia* a malicious user could exploit
  the VGA window size to read/write from kernel memory and gain root access.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-08-07 21:57:29 UTC 

*** This bug has been marked as a duplicate of bug 429614 ***
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2012-08-07 23:29:43 UTC 
Oh right. Maintainers weren't CC'd then.