CVE-2015-3625: Privilege Escalation via Unsanitized Pointer Dereference in NVIDIA FreeBSD Kernel Driver

Answer ID 3693
Published 06/16/2015 09:55 AM
Updated 06/19/2015 07:31 AM

Vulnerability Description:

The NVIDIA GPU kernel-level driver for FreeBSD does not properly sanitize pointers from user space before dereferencing them.

Exploit Scope and Risk:

To exploit this vulnerability, an attacker must influence the value of pointers passed to the NVIDIA kernel module. This typically requires permission to access the /dev/nvidia* device nodes and the ability to run code as a local user. By crafting special pointers, the attacker has the ability to read or write arbitrary memory in kernel space, which can lead to denial of service, data leaks, data corruption, or privilege escalation and arbitrary code execution.

The CVSS risk assessment is listed below.

CVSS Base Score - 7.2

Exploitability sub-score - 3.9

Access Vector: Local

Access Complexity: Low

Authentication: None

Impact sub-score: 10.0

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

CVSS temporal sub-score: 6

Exploitability: Functional exploit exists

Remediation Level: Official fix

Report Confidence: Confirmed

CVSS Environmental Score - [determined by user]

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA is not aware of an implementation of this exploit in the field.

Vulnerable Configurations:

The NVIDIA GPU FreeBSD kernel module (nvidia.ko) must be loaded for the vulnerability to be present. Typically, the module will be configured when the driver is installed to be automatically loaded when the system boots. NVIDIA GPU drivers for other platforms are not affected.

Vulnerability Discovery:

This vulnerability was discovered during a routine code audit internal to NVIDIA.


NVIDIA recommends that users upgrade to a fixed version of the FreeBSD driver. In addition, a patch is available that can be applied to older driver versions; it is equivalent to the fix applied in the newer driver versions. The patch file is available here: FreeBSD Driver patch file

The following builds/branches have been fixed and released.

Scheduled Support Date / Discrete FreeBSD GPU Drivers

Driver downloads:
  R352 release: 352.09 or better, available as of 5/18/2015
  R346 release: 346.72 or better, available as of 5/13/2015

Available patches:
  Last released 349.16, patch available
  Last released 343.36, patch available
  Last released 340.76, patch available, fixed after 340.76
  Last released 337.25, patch available
  Last released 334.21, patch available
  Last released 331.113, patch available
  Last released 304.125, patch available


· Change the permissions on the /dev/nvidia* device nodes to restrict access to only those users that need to run GPU-accelerated applications (e.g., OpenGL).

· If the driver is not used, unload the nvidia.ko kernel driver.
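The following POSIX shell helpers, added here as an example and not NVIDIA's own tooling, turn the advisory's version table and the two workarounds above into an audit: classify a driver version against the fixed releases (352.09+, 346.72+) and the patch-only legacy branches, flag /dev/nvidia* nodes that are accessible to all users, and check whether nvidia.ko is loaded. The hw.nvidia.version sysctl used to read the running version is an assumption about the driver, not something the advisory states.

```shell
#!/bin/sh
# Added audit helpers for CVE-2015-3625 (not NVIDIA's own tooling).
# Fixed releases per the advisory: 352.09+ (R352) and 346.72+ (R346); the legacy
# branches listed there (349.x, 343.x, 340.x, 337.x, 334.x, 331.x, 304.x) need the patch.

# nv_version_status MAJOR.MINOR
#   returns 0 = fixed release, 1 = legacy branch (apply patch), 2 = fixed branch but
#   below the fixed version (upgrade), 3 = branch not covered by the advisory.
nv_version_status() {
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor#0}; minor=${minor:-0}     # "09" -> 9 for the numeric test
    case "$major" in
        352) [ "$minor" -ge 9 ] && return 0 || return 2 ;;
        346) [ "$minor" -ge 72 ] && return 0 || return 2 ;;
        349|343|340|337|334|331|304) return 1 ;;
        *) return 3 ;;
    esac
}

# nv_node_world_accessible MODE   (MODE is the first field of `ls -l`, e.g. crw-rw-rw-)
#   returns 0 if the "other" permission bits grant read or write access.
nv_node_world_accessible() {
    others=$(printf '%s' "$1" | cut -c8-10)
    case "$others" in
        *r*|*w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live probe; only meaningful on a FreeBSD host. Assumes the hw.nvidia.version
# sysctl exposed by the NVIDIA driver (an assumption, not stated by the advisory).
audit_nvidia_host() {
    command -v kldstat >/dev/null 2>&1 || { echo "not FreeBSD, skipping"; return 0; }
    kldstat -q -n nvidia.ko || { echo "nvidia.ko not loaded: not exposed"; return 0; }
    ver=$(sysctl -n hw.nvidia.version 2>/dev/null \
          | sed -n 's/.*Module *\([0-9]*\.[0-9]*\).*/\1/p')
    rc=0; nv_version_status "${ver:-0.0}" || rc=$?
    case $rc in
        0) echo "driver $ver: fixed release" ;;
        1) echo "driver $ver: legacy branch, apply the NVIDIA patch" ;;
        2) echo "driver $ver: upgrade to 352.09+ or 346.72+" ;;
        *) echo "driver ${ver:-unknown}: not covered by the advisory, check manually" ;;
    esac
    ls -l /dev/nvidia* 2>/dev/null | while read -r mode rest; do
        nv_node_world_accessible "$mode" && echo "WARNING: ${rest##* } is world accessible ($mode)"
    done
}
```

Source the file and call audit_nvidia_host on the FreeBSD host; a WARNING line means the device node should be restricted as described in the first workaround above.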

Always observe the following safe computing practices:

· Only download or execute content and programs from trusted third parties.

· Run your system and programs with the least privilege necessary. Users should run without root privileges whenever possible.

· When running as root, do not elevate privileges for activities or programs that don't need them.
