CVE-2015-1170: Windows Privilege Impersonation Check

Answer ID 3634   |    Published 02/23/2015 01:23 PM   |    Updated 03/03/2015 09:22 AM

Vulnerability Description:

The NVIDIA Display Driver's kernel administrator check improperly validates local client impersonation levels in some cases.

Exploit Scope and Risk:

The attacker must already have local access on the machine. Under certain conditions, a local user on the system can use improper impersonation behaviors of NVIDIA driver APIs to access resources that are intended for local administrator access only. Under these conditions, this behavior may lead to privilege escalation of the local user account, leading to a system compromise.

The CVSS Risk assessment is listed below.

Base CVSS Score: 6.6

Impact Subscore: 10.0
  Confidentiality: Partial (C:C)
  Integrity: Partial (I:C)
  Availability: Complete (A:C)

Exploitability Subscore: 2.7
  Access Vector: Local (AV:L)
  Access Complexity: High (AC:M)
  Authentication: Single (Au:S)

Temporal Subscore: 5.2
  Exploitability: Proof of Concept Code (E:POC)
  Remediation Level: Official fix (RL:OF)
  Report Confidence: Confirmed (RC:C)

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA is not aware of any exploits involving these issues.

Vulnerable Configurations:

This vulnerability affects all GPUs with Windows XP, Windows Vista, Windows 7, and Windows Server 2008/2008 R2 systems using NVIDIA GPU Display Driver components, or derived packages which use NVIDIA GPU Display Driver components.

Vulnerability Discovery:

This bug was reported to NVIDIA by James Forshaw, Project Zero, Google.

Fix:

NVIDIA recommends updating to a patched driver for your specific platform, as detailed below.

GeForce Notebook, Quadro or NVS Notebook:

Driver downloads

Operating System | GPU Family | Fixed in Branch
Windows Vista/Windows 7 | Tesla and later | R304: Version 309.08 or later (Last branch to support Windows Vista for Notebook)
Windows 7 | Tesla and later | R340: Version 341.44 or later (Last branch to support Tesla GPUs)
Windows 7 | Fermi and later | R343: Version 345.20 or later; R346: Version 347.52 or later

GeForce Desktop:

Driver downloads

Operating System | GPU Family | Fixed in Branch
Windows Vista / Windows 7 | Nv 4x - G7x | R304: Version 309.08 or later
Windows Vista / Windows 7 | Tesla and later | R340: Version 341.44 or later (Last branch to support Tesla GPUs)
Windows Vista / Windows 7 | Fermi and later | R343: Version 345.20 or later; R346: Version 347.52 or later

Quadro or NVS Workstation:

Driver downloads

Operating System | GPU Family | Fixed in Branch
Windows Vista / Windows 7 / Windows Server 2008, 2008R2 | Nv 4x - G7x | R304: Version 309.08 or later
Windows Vista / Windows 7 / Windows Server 2008, 2008R2 | Tesla and later | R340: Version 341.44 or later (Last branch to support Tesla GPUs)
Windows Vista / Windows 7 / Windows Server 2008, 2008R2 | Fermi and later | R343: Version 345.20 or later; R346: Version 347.52 or later

GRID baremetal or GPU passthrough:

Driver downloads

Operating System | GPU Family | Fixed in Branch
Windows 7 / Windows Server 2008, 2008R2 | Kepler and later | R343: Version 345.20 or later; R346: Version 347.52 or later

GRID virtual GPU (vGPU):

Driver downloads

Operating System | GPU Family | Fixed in Branch
Windows 7 / Windows Server 2008R2 | Kepler and later | R346: Version 347.52 or later

Windows 8 and Later:

Not affected

Windows XP:

Windows XP is considered vulnerable to this issue, though Windows XP is EOL, no longer supported by Microsoft, and subject to numerous other exploits. If you have questions or concerns with specific Windows XP installations, please contact your NVIDIA support team for more information. NVIDIA will not be providing explicit patches for Windows XP systems at this time.

Mitigations:

As the exploit requires local access and a user/process running as administrator to allow impersonation, safe computing practices can mitigate your general risk.

As always, observe safe computing practices:

· Only download or execute content and programs from trusted third parties.

· Run your system and programs with the least privilege necessary. Users should run without administrator rights whenever possible.

· When running as administrator, do not elevate UAC privileges for activities or programs that don't need them.
