Industry News

NVIDIA Driver Bug Grants Arbitrary Root Access to Local Users

A flaw in NVIDIA’s closed-source video driver for Linux can be exploited to gain root privileges, according to a notification published by Dave Airlie, veteran Linux kernel and developer. The bug, discovered and documented by an anonymous researcher, had also been submitted to NVIDIA in late June, but the company failed to respond.

Image credit: NVIDIA

The message is accompanied by a proof-of-concept script that reveals the exploitation mechanism. The /dev/nvidia0 device accepts changes to the VGA window and can move this window until it reaches a location in the physical memory where it can read and write. When the exploit code is loaded into the memory, it simply performs a privilege escalation attack by manipulating the kernel memory.

Successful exploitation leads to regular, limited local users being granted root access (the Windows equivalent of Administrator). Root users can perform system-wide changes to the computer, as well as control accounts, among others.

Open-Source Linux and proprietary NVIDIA drivers have a long history of not playing together too well, given the closed nature of the code, which prevents hacking and modification – and, implicitly, community-supported patching. This made not only users complain, but also forced Linux maker Linus Torvalds to publicly refer to NVIDIA as “the single worst company he ever dealt with” in terms of driver development and support during the Aalto Talk in Otaniemi on June 14.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

1 Comment

Click here to post a comment