CVE-2014-5332: TEGRA LINUX KERNEL NVMAP VULNERABILITY

Answer ID 3618
Published 01/06/2015 01:21 PM
Updated 01/15/2015 02:36 PM

This technical bulletin provides information about a security vulnerability in Tegra Linux kernel implementations, including those provided with NVIDIA® Vibrante Linux releases. A momentary use-after-free bug in NVMap can allow unprivileged user-mode software to gain root access.

Vulnerability Description:

A momentary use-after-free in the NVMap component allows a fixed single bit to be cleared in a recycled memory structure. To take advantage of it, an attacker must win the race between the conversion of a file descriptor (FD) to a handle structure pointer (one point in time) and the reference-count increment on that handle structure (a later point in time), and must force the handle structure to be freed and its memory recycled by the kernel within that window, so that the fixed-bit clear lands in whatever structure now occupies the memory.
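The lookup/get window described above, modelled in user space as an added example. This is not nvmap code and not NVIDIA's fix; the handle pool, fd table, field names and the generation counter are assumptions made for illustration. The vulnerable path converts the fd to a pointer and takes the reference as two separate steps, so a close() that lands between them frees the object and lets the next allocation reuse its slot; the hardened path does lookup and get as one unit under the table lock, so a concurrent close() can only drop the count to one:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not nvmap code): a small pool of handle objects stands in
 * for a kernel slab, and an fd table maps fds to handle pointers. */
#define POOL_SIZE 4
#define FD_MAX    8

struct handle {
    int      refcount;  /* 0 means freed; the slot can be handed out again */
    uint32_t gen;       /* bumped on every allocation, so a stale pointer is detectable */
    uint32_t flags;     /* payload that a write through a stale pointer would corrupt */
};

static struct handle  pool[POOL_SIZE];
static struct handle *fd_table[FD_MAX];

/* Hand out the lowest free slot, the way a slab recycles a just-freed object. */
static struct handle *handle_alloc(uint32_t flags) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (pool[i].refcount == 0) {
            pool[i].refcount = 1; pool[i].gen++; pool[i].flags = flags;
            return &pool[i];
        }
    return NULL;
}

/* Drop a reference; at zero the object is freed (payload cleared, slot reusable). */
static void handle_put(struct handle *h) { if (--h->refcount == 0) h->flags = 0; }

static int fd_install(struct handle *h) {
    for (int fd = 0; fd < FD_MAX; fd++)
        if (fd_table[fd] == NULL) { fd_table[fd] = h; return fd; }
    return -1;
}

/* close(fd): detach the fd and drop the reference the table held. */
static void fd_close(int fd) {
    struct handle *h = fd_table[fd];
    fd_table[fd] = NULL;
    if (h) handle_put(h);
}

/* VULNERABLE: fd -> pointer (step 1) and refcount increment (step 2) are separate
 * calls with nothing pinning the object in between. */
static struct handle *fd_to_handle_unref(int fd) { return fd_table[fd]; }
static void handle_get(struct handle *h) { h->refcount++; }

/* FIXED: lookup and get are one unit, done while the table lock is held (the lock
 * is elided in this single-threaded model). A concurrent close() can then drop the
 * count to 1 at most, never to 0, while the caller holds its own reference. */
static struct handle *fd_to_handle_get(int fd) {
    /* lock(table) */
    struct handle *h = fd_table[fd];
    if (h && h->refcount > 0)          /* refuse an object already being torn down */
        h->refcount++;
    else
        h = NULL;
    /* unlock(table) */
    return h;
}

struct race_result {
    bool     stale;            /* the pointer now names a recycled object */
    int      victim_refcount;  /* refcount of the object allocated after the close */
    uint32_t observed_flags;   /* what thread A sees when it finally uses h */
};

/* Interleaving: A does step 1; B closes the fd and allocates a new handle
 * (which reuses the freed slot in the vulnerable case); A does step 2, then uses h. */
static struct race_result run_race(bool fixed) {
    struct race_result r = {0};
    memset(pool, 0, sizeof pool);
    memset(fd_table, 0, sizeof fd_table);
    int fd = fd_install(handle_alloc(0xAA));
    uint32_t gen0 = fd_table[fd]->gen;

    struct handle *h = fixed ? fd_to_handle_get(fd) : fd_to_handle_unref(fd);  /* A */
    fd_close(fd);                                                               /* B */
    struct handle *victim = handle_alloc(0x55);                                 /* B */
    if (!fixed)
        handle_get(h);        /* A: the deferred write, now landing in recycled memory */

    r.stale           = (h->gen != gen0);
    r.observed_flags  = h->flags;
    r.victim_refcount = victim->refcount;
    handle_put(h);
    return r;
}

struct race_result run_vulnerable_race(void) { return run_race(false); }
struct race_result run_fixed_race(void)      { return run_race(true); }

int main(void) {
    struct race_result v = run_vulnerable_race(), f = run_fixed_race();
    printf("vulnerable: stale=%d flags=0x%02x victim_refcount=%d\n", v.stale, v.observed_flags, v.victim_refcount);
    printf("fixed:      stale=%d flags=0x%02x victim_refcount=%d\n", f.stale, f.observed_flags, f.victim_refcount);
    return 0;
}
```

In the vulnerable run the deferred `handle_get` increments the refcount of an object the attacker chose to place in the freed slot, which is exactly the "fixed single bit/field modification in a recycled structure" primitive the bulletin describes. In a real kernel the hardened path is the table lock plus a get-unless-zero style reference operation; the generation counter here exists only so the model can report the stale use rather than silently proceed.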

NVIDIA is not aware of any public exploits that attempt to leverage this vulnerability.

Exploit Scope and Risk:

With sufficient effort, and by winning the race condition, a single-bit modification of an appropriate kernel structure can be leveraged into kernel privilege escalation and full kernel compromise.

Overall CVSS Score: 6.0 (CVSS v2; vector AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Impact Subscore: 10.0
  Confidentiality: Complete (C:C)
  Integrity: Complete (I:C)
  Availability: Complete (A:C)

Exploitability Subscore: 1.5
  Access Vector: Local (AV:L)
  Access Complexity: High (AC:H)
  Authentication: Single (Au:S)

Temporal Subscore: 4.7
  Exploitability: Proof of Concept Code (E:POC)
  Remediation Level: Official fix (RL:OF)
  Report Confidence: Confirmed (RC:C)
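To check the vendor's numbers rather than take them on trust, here is an added CVSS v2 calculator (not part of the bulletin) that parses a v2 vector string and applies the published v2 base and temporal equations with the specification's metric weights. The vector passed in `main` is assembled from the metrics listed above:

```c
#include <stdio.h>
#include <string.h>

/* Round to one decimal place as CVSS v2 does (inputs are non-negative). */
static double round1(double x) { return (double)(long)(x * 10.0 + 0.5) / 10.0; }

/* Metric weights from the CVSS v2 specification. */
static double weight(const char *metric, const char *value) {
    static const struct { const char *m, *v; double w; } tbl[] = {
        {"AV","L",0.395}, {"AV","A",0.646}, {"AV","N",1.0},
        {"AC","H",0.35},  {"AC","M",0.61},  {"AC","L",0.71},
        {"Au","M",0.45},  {"Au","S",0.56},  {"Au","N",0.704},
        {"C","N",0.0},    {"C","P",0.275},  {"C","C",0.660},
        {"I","N",0.0},    {"I","P",0.275},  {"I","C",0.660},
        {"A","N",0.0},    {"A","P",0.275},  {"A","C",0.660},
        {"E","U",0.85},   {"E","POC",0.9},  {"E","F",0.95},  {"E","H",1.0},  {"E","ND",1.0},
        {"RL","OF",0.87}, {"RL","TF",0.90}, {"RL","W",0.95}, {"RL","U",1.0}, {"RL","ND",1.0},
        {"RC","UC",0.90}, {"RC","UR",0.95}, {"RC","C",1.0},  {"RC","ND",1.0},
    };
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strcmp(tbl[i].m, metric) == 0 && strcmp(tbl[i].v, value) == 0)
            return tbl[i].w;
    return -1.0;   /* unknown metric/value pair */
}

struct cvss2 { double impact, exploitability, base, temporal; };

/* Parse "AV:x/AC:x/Au:x/C:x/I:x/A:x[/E:x/RL:x/RC:x]" and fill *out.
 * Returns 0 on success, -1 if the vector is malformed or a base metric is missing. */
int cvss2_score(const char *vector, struct cvss2 *out) {
    static const char *names[9] = {"AV","AC","Au","C","I","A","E","RL","RC"};
    double w[9] = {0, 0, 0, 0, 0, 0, 1.0, 1.0, 1.0};   /* temporal metrics default to ND */
    unsigned seen = 0;
    char buf[128];
    if (strlen(vector) >= sizeof buf) return -1;
    strcpy(buf, vector);
    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (!colon) return -1;
        *colon = '\0';
        int idx = -1;
        for (int i = 0; i < 9; i++) if (strcmp(names[i], tok) == 0) idx = i;
        if (idx < 0) return -1;
        double wt = weight(tok, colon + 1);
        if (wt < 0) return -1;
        w[idx] = wt;
        seen |= 1u << idx;
    }
    if ((seen & 0x3f) != 0x3f) return -1;   /* all six base metrics are required */

    double impact = 10.41 * (1.0 - (1.0 - w[3]) * (1.0 - w[4]) * (1.0 - w[5]));
    double expl   = 20.0 * w[0] * w[1] * w[2];
    double f      = (impact == 0.0) ? 0.0 : 1.176;
    out->impact         = round1(impact);
    out->exploitability = round1(expl);
    out->base           = round1((0.6 * impact + 0.4 * expl - 1.5) * f);
    out->temporal       = round1(out->base * w[6] * w[7] * w[8]);
    return 0;
}

/* Convenience accessors; -1.0 signals a bad vector. */
double cvss2_base(const char *v)     { struct cvss2 s; return cvss2_score(v, &s) ? -1.0 : s.base; }
double cvss2_temporal(const char *v) { struct cvss2 s; return cvss2_score(v, &s) ? -1.0 : s.temporal; }
double cvss2_impact(const char *v)   { struct cvss2 s; return cvss2_score(v, &s) ? -1.0 : s.impact; }
double cvss2_expl(const char *v)     { struct cvss2 s; return cvss2_score(v, &s) ? -1.0 : s.exploitability; }

int main(void) {
    const char *v = "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C";   /* this bulletin's metrics */
    struct cvss2 s;
    if (cvss2_score(v, &s) != 0) return 1;
    printf("%s\nimpact %.1f exploitability %.1f base %.1f temporal %.1f\n",
           v, s.impact, s.exploitability, s.base, s.temporal);
    return 0;
}
```

The unrounded impact (10.0008) and exploitability (1.5484) feed the base equation before rounding, which is why the base comes out at 6.0 even though the rounded subscores alone would give 6.02 as well; the temporal score is then taken from the rounded base (6.0 x 0.9 x 0.87 = 4.698, reported as 4.7).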


Vulnerable Configurations:

The following releases have this vulnerability; all are based on the Tegra Linux kernel version 3.10.

Android

2014-01-23 Tegra BSP Release (19r11)

2014-02-06 Tegra BSP Release (19r12)

2014-02-20 Tegra BSP Release (19r13)

2014-03-06 Tegra BSP Release (19r14)

2014-03-20 Tegra BSP Release (19r15)

2014-04-07 Tegra BSP Release (19r15.1)

2014-05-02 Tegra BSP Release (19r16)

2014-10-28 Tegra BSP Release (19r17)

2014-02-20 Tegra BSP Release (20r1)

2014-03-06 Tegra BSP Release (20r2)

2014-03-20 Tegra BSP Release (20r3)

2014-04-03 Tegra BSP Release (20r4)

2014-04-17 Tegra BSP Release (20r5)

2014-05-01 Tegra BSP Release (20r6)

2014-05-15 Tegra BSP Release (20r7)

2014-05-29 Tegra BSP Release (20r8)

2014-09-03 Tegra BSP Release (21r7)

ChromeOS

Chrome OS R36

Chrome OS R37

Vulnerability Discovery:

NVIDIA was alerted to this issue by Lee Campbell, Chrome Security, Google.

Resolution:

NVIDIA has released code fixes to upstream repositories and device vendors. NVIDIA recommends contacting the vendor of your device about any appropriate software updates.
