NVIDIA Driver Security Exploit

Posted by Michael Larabel on October 17, 2006

While this security vulnerability has been known since 2004, Rapid7 had issued a report yesterday on the buffer overflow problem in NVIDIA's binary Linux display drivers -- the issue also likely lies in the FreeBSD and Solaris drivers. This issue allows attackers to run code as root either locally or remotely. A working proof of concept is also available from Rapid7. The solution presented in this report is to remove the closed-source NVIDIA module and use the 2D NV module. NVIDIA has, however, stated that this problem has been fixed with the 1.0-9XXX series drivers. Disabling RenderAccel will also resolve this problem on the vulnerable drivers. There is also news on this NVIDIA Linux driver issue at KernelTrap. A thread has been setup on the Phoronix Forums to discuss this problem.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Comments & Discussion
News Archives
Related NVIDIA News
New NVIDIA Linux Driver Supports...
NVIDIA Releases 310.51 Driver To...
NVIDIA 319.17 Linux Driver...
NVIDIA Publishes Open-Source...
NVIDIA vs. Nouveau Drivers On...
Benchmarks Of NVIDIA's New Linux...
NVIDIA Has Major New Linux...
NVIDIA Has New Driver Update To...
Popular News
Portal Released For Steam On...
Why IBM Now Views LLVM As Being...
Linux 3.10 Kernel Yields Biggest...
Ubuntu To Get Its Own Package...
Steam Linux Usage Still On The...
Linux 3.9 Kernel Released With...
Linux's "Ondemand"...
Ubuntu's Mir Moves Ahead With...
Latest Hardware Reviews
  1. Sumo Lounge Emperor
  2. Gallium3D Continues Improving OpenGL For Older Radeon GPUs
  3. 15-Way Open vs. Closed Source NVIDIA/AMD Linux GPU Comparison
  4. Nouveau vs. NVIDIA Linux Comparison Shows Shortcomings
Latest Software Articles
  1. Intel Linux OpenGL Driver Leading Over Apple OS X
  2. The Cost Of Ubuntu Disk Encryption
  3. Btrfs vs. EXT4 vs. XFS vs. F2FS On Linux 3.10
  4. AMD Radeon R600 GPU LLVM 3.3 Back-End Testing
Latest Linux News
  1. Linux Desktop Security Could Be A Whole Lot Better
  2. KDE 4.11 Will Be The Last Major KDE4 Workspaces Feature Release
  3. New NVIDIA Linux Driver Supports The GeForce GTX 780
  4. Chrome 28 To Offer More Speed Improvements
  5. Digia Announces "Boot To Qt" Project
  6. X.Org Libraries Hit By Round Of Security Issues
  7. Wayland's Weston Gets Output Scaling Support
  8. Raspberry Pi Gets New Wayland Weston Renderer
  9. Debian GNU/Hurd 2013 Release Brings New Packages
  10. Intel Ultrabook Performance Is Faster With Mesa 9.2
  11. Hot Relocation HDD To SSD Support For Btrfs
Latest Forum Talk
  1. Linux Desktop Security Could Be A Whole Lot Better
  2. Raspberry Pi Gets New Wayland Weston Renderer
  3. Wayland's Weston Gets Output Scaling Support
  4. X.Org Libraries Hit By Round Of Security Issues
  5. Fedora 18 Comes To ARMv6, Raspberry Pi
  6. ubuntu and intel
  1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Motherboards
  5. Peripherals
  6. Processors
  7. Software
  8. Operating Systems
  9. All Articles
  1. Linux Benchmarking
  2. OpenBenchmarking.org
  3. Phoronix Test Suite
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).