Slashdot Mirror

← Back to Stories (view on slashdot.org)

Proprietary Nvidia Linux Driver Contains Privilege Escalation Hole

Posted by Unknown on from the rms-gazes-upon-you-smugly dept.

An anonymous reader writes "The Nvidia binary driver has been exploited by an anonymous hacker, who reported it to nvidia months ago and it was never fixed. Now the exploit was made public." The one releasing the exploit (relayed to him anonymously) is David Arlie, well known X hacker. The bug lets the attacker write to any part of memory on the system by shifting the VGA window; the attached exploit uses this to attain superuser privileges. It appears that this has been known to Nvidia for at least a month.

3 of 180 comments (clear)

  1. Hoooo boy... by Tarlus · · Score: 4, Interesting

    With all the recent controversy and Linus and other members of the FOSS community flipping Nvidia the bird over the issue of keeping their driver closed, they're certainly going to take this news and run with it.

    --
    /* No Comment */
  2. Re:Who did he send it to at Nvidia? by ZeroSumHappiness · · Score: 4, Interesting

    If you're not surprised then I hope it's because you expect Nvidia to be shite. Microsoft, as policy (though possibly not practice), fully evaluates any possible security exploits submitted because they assume that among the cranks who've already broken through the airlock there might be a real security exploit. This is expensive but necessary. If Nvidia can't do the same then I'll have to seriously consider my choices next time I'm buying a card.

  3. meh by ThorGod · · Score: 4, Interesting

    Not too long ago Intel had a firmware exploit in their processors.

    I still appreciate the effort Nvidia's made to support their cards on OSes such as linux and BSD over the years. I'll still only EVER buy nvidia cards because of their driver support.

    Here's hoping they keep trucking along at it, even with what Linus' said and now this.

    --
    PS: I don't reply to ACs.