Slashdot Mirror


Proprietary Nvidia Linux Driver Contains Privilege Escalation Hole

An anonymous reader writes "The Nvidia binary driver has been exploited by an anonymous hacker, who reported it to Nvidia months ago and it was never fixed. Now the exploit was made public." The one releasing the exploit (relayed to him anonymously) is David Airlie, a well-known X hacker. The bug lets the attacker write to any part of memory on the system by shifting the VGA window; the attached exploit uses this to attain superuser privileges. It appears that this has been known to Nvidia for at least a month.

4 of 180 comments

  1. Open Source Advantage by Nerdfest · · Score: 5, Insightful

    I'd like to say that this would not have happened with an open source driver, but that's not necessarily true. It would almost definitely have been patched by now though.

  2. Re:Who did he send it to at Nvidia? by Anonymous Coward · · Score: 5, Insightful

    Maybe people need to stop being apologists for this kind of thing...

    Companies don't just hand out the email address for the head of their SW development division; maybe if they did we could then let the right people know. I emailed a random Joe when I found an issue with a site, and it got escalated up and it got fixed.

    Maybe if Nvidia had better-quality random Joes, when this sort of stuff did pass by them it would get escalated and not deleted.

  3. Re:Nvidia rotten to the core by fuzzyfuzzyfungus · · Score: 5, Insightful

    Somebody should probably tell Nvidia that a driver that enables arbitrary memory read/write could probably be used as a DRM circumvention mechanism if targeted at a 'protected' program rather than the kernel. That might actually get them to fix it...

  4. Re:Hoooo boy... by Anonymous Coward · · Score: 5, Insightful

    Correct. That's why I choose AMD.

    Not that they're that much better, but at least they tried to.