Vulnerability Description:
The NVIDIA GPU kernel-level driver for FreeBSD does not properly sanitize pointers from user space before dereferencing them.
Exploit Scope and Risk:
To exploit this vulnerability, an attacker must influence the value of pointers passed to the NVIDIA kernel module. This typically requires permission to access the /dev/nvidia* device nodes and the ability to run code as a local user. By crafting special pointers, the attacker has the ability to read or write arbitrary memory in kernel space, which can lead to denial of service, data leaks, data corruption, or privilege escalation and arbitrary code execution.
The CVSS Risk assessment is listed below.
CVSS Base Score - 7.2
Exploitability sub-score - 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Impact sub-score: 10.0
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSS temporal sub-score: 6
Exploitability: Functional exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Environmental Score - [determined by user]
NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA is not aware of an implementation of this exploit in the field.
Vulnerable Configurations:
The NVIDIA GPU FreeBSD kernel module (nvidia.ko) must be loaded for the vulnerability to be present. Typically, the module will be configured when the driver is installed to be automatically loaded when the system boots. NVIDIA GPU drivers for other platforms are not affected.
Vulnerability Discovery:
This vulnerability was discovered during a routine code audit internal to NVIDIA.
Fix:
NVIDIA recommends that users upgrade to a fixed version of the FreeBSD driver. In addition, a patch is available that can be applied to older driver versions. The patch is equivalent to that applied to the newer driver versions. The patch file is available here: FreeBSD Driver patch file
The following build/branches have been fixed and released.
| Driver | Scheduled Support Date |
| --- | --- |
| Discrete FreeBSD GPU Drivers | |
| R352 release | 352.09 or better, available as of 5/18/2015 |
| R346 release | 346.72 or better, available as of 5/13/2015 |
| Available Patches | |
| R349 | Last released 349.16, patch available |
| R343 | Last released 343.36, patch available |
| R340 | Last released 340.76, patch available, fixed after 340.76 |
| R337 | Last released 337.25, patch available |
| R334 | Last released 334.21, patch available |
| R331 | Last released 331.113, patch available |
| R304 | Last released 304.125, patch available |
Mitigations:
Change the permissions on the /dev/nvidia* device nodes to restrict access to only those users that need to run GPU-accelerated applications (e.g., OpenGL).
If the driver is not used, unload the nvidia.ko kernel driver.
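A way to check and apply the device-node restriction described above, as an added example that is not part of NVIDIA's bulletin. The group name `video` and the ruleset name and number `localrules=10` are assumptions; substitute the group that holds your GPU users.

```shell
#!/bin/sh
# Added example: audit access to the NVIDIA device nodes on FreeBSD.
# Assumptions (not from the bulletin): GPU users belong to group "video";
# the devfs ruleset is called "localrules" and uses number 10.

# Print every nvidia* node directly under DIR that grants any permission
# bit (read, write or execute) to "other", i.e. to every local user.
exposed_nvidia_nodes() {
    find "$1" -maxdepth 1 -name 'nvidia*' \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print | sort
}

# Emit a devfs.rules(5) ruleset that re-applies the restriction whenever
# the nodes are created (at boot or when nvidia.ko is loaded again).
devfs_ruleset() {
    group=${1:-video}
    printf '[localrules=10]\n'
    printf "add path 'nvidia*' mode 0660 group %s\n" "$group"
}

# Report exposed nodes and print the remediation steps.
# Always returns 0 so the file can be sourced by other scripts.
audit() {
    dir=${1:-/dev}
    exposed=$(exposed_nvidia_nodes "$dir")
    if [ -z "$exposed" ]; then
        echo "OK: no world-accessible nvidia* nodes under $dir"
        return 0
    fi
    echo "EXPOSED (accessible to every local user):"
    echo "$exposed"
    echo "Immediate fix:"
    echo "  chown root:video $dir/nvidia* && chmod 0660 $dir/nvidia*"
    echo "Persistent fix, append to /etc/devfs.rules:"
    devfs_ruleset video | sed 's/^/  /'
    echo "then set devfs_system_ruleset=\"localrules\" in /etc/rc.conf"
    echo "If the GPU driver is not used at all: kldunload nvidia"
    return 0
}

audit "${1:-/dev}"
```

A `chmod` on the live nodes alone does not survive a reboot or a module reload, which is why the script also prints the devfs ruleset.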
Always observe the following safe computing practices:
Only download or execute content and programs from trusted third parties.
Run your system and programs with the least privilege necessary. Users should run without root privileges whenever possible.
When running as root, do not elevate privileges for activities or programs that don't need them.