FreeBSD : NVIDIA UNIX driver -- access to arbitrary system memory (b91234e7-9a8b-11e1-b666-001636d274f3)

high Nessus Plugin ID 59086

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The NVIDIA Unix security team reports:

Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary system memory. NVIDIA is not aware of any reports of this vulnerability, outside of the disclosure which was made privately to NVIDIA.

NVIDIA has identified the root cause of the vulnerability and has released updated drivers which close it. [NVIDIA encourages] all users with GeForce 8 or newer, G80 Quadro or newer, and all Tesla GPUs to update their drivers to 295.40 or later.

Later, it was additionally discovered that a similar exploit could be achieved through remapping of the VGA window:

NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?972674c6

Plugin Details

Severity: High

ID: 59086

File Name: freebsd_pkg_b91234e79a8b11e1b666001636d274f3.nasl

Version: 1.10

Type: local

Published: 5/14/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.8

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nvidia-driver, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/10/2012

Vulnerability Publication Date: 3/20/2012

Reference Information

CVE: CVE-2012-0946, CVE-2012-4225