oss-sec mailing list archives

Re: CVE Request: NVidia Linux driver

From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Wed, 1 Aug 2012 15:12:00 +0200

Marc Deslauriers <marc.deslauriers () canonical com>
wrote:

Hello,

Could a CVE please be assigned to the following issue:

The binary NVidia Linux driver allows local users to access arbitrary
memory locations by leveraging GPU device-node read/write privileges, and
escalate privileges to root. Possibly an incomplete fix for CVE-2012-0946.

See:

http://seclists.org/fulldisclosure/2012/Aug/4

Thanks,

Marc.


I know that at least Gentoo does this since ~2006:

35 # !!! SECURITY WARNING !!!
36 # DO NOT MODIFY OR REMOVE THE DEVICE FILE RELATED OPTIONS UNLESS YOU KNOW
37 # WHAT YOU ARE DOING.
38 # ONLY ADD TRUSTED USERS TO THE VIDEO GROUP, THESE USERS MAY BE ABLE TO
CRASH,
39 # COMPROMISE, OR IRREPARABLY DAMAGE THE MACHINE.
40 options nvidia NVreg_DeviceFileMode=432 NVreg_DeviceFileUID=0
NVreg_DeviceFileGID=VIDEOGID NVreg_ModifyDeviceFiles=1


http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/x11-drivers/nvidia-drivers/files/nvidia?revision=1.3&view=markup

Tavis.

-- 
-------------------------------------
taviso () cmpxchg8b com | pgp encrypted mail preferred
-------------------------------------------------------

Current thread:

CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)
- Re: CVE Request: NVidia Linux driver Petr Matousek (Aug 01)
  - Re: CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)
- Re: CVE Request: NVidia Linux driver Tavis Ormandy (Aug 01)
  - Re: Re: CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)
    - Re: Re: CVE Request: NVidia Linux driver Marcus Meissner (Aug 01)
    - Re: Re: CVE Request: NVidia Linux driver Tavis Ormandy (Aug 01)
- Re: CVE Request: NVidia Linux driver Kurt Seifried (Aug 01)
  - Re: CVE Request: NVidia Linux driver Marc Deslauriers (Aug 01)
    - Re: CVE Request: NVidia Linux driver cve-assign (Aug 08)