Full Disclosure mailing list archives
nvidia linux binary driver priv escalation exploit
From: Dave Airlie <airlied () gmail com>
Date: Wed, 1 Aug 2012 10:10:30 +1000
First up I didn't write this but I have executed it and it did work here, I was given this anonymously, it has been sent to nvidia over a month ago with no reply or advisory and the original author wishes to remain anonymous but would like to have the exploit published at this time, so I said I'd post it for them. It basically abuses the fact that the /dev/nvidia0 device accept changes to the VGA window and moves the window around until it can read/write to somewhere useful in physical RAM, then it just does an priv escalation by writing directly to kernel memory. Dave.
Attachment:
pub.c
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- nvidia linux binary driver priv escalation exploit Dave Airlie (Aug 01)
- nvidia linux binary driver priv escalation exploit Daniel Dadap (Aug 05)