CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver

Answer ID 3763   |    Published 09/24/2015 08:03 AM   |    Updated 09/25/2015 01:37 AM

Vulnerability Description

A vulnerability has been found in the NVIDIA display driver that could allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges.

A local user can issue a specially crafted IOCTL that causes the driver to write a 32-bit integer value held in kernel memory to a user-specified address; the driver does not validate that destination pointer, so the address may lie in the kernel address space. The user has only a limited ability to influence the value of the integer that is written.
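The bug class described above, as an added example that is not NVIDIA's driver code: a user-space model of an ioctl handler that writes a driver-held 32-bit value through a pointer taken straight from the request, next to a hardened version that validates the destination against the caller's address range and uses a checked copy, the roles access_ok() and copy_to_user() play in a real Linux driver. The names (ioctl_get_status_vulnerable, ioctl_get_status_hardened, user_region, kernel_state), the fixed status value and the simulated address ranges are assumptions chosen for the example; the layout of the actual NVIDIA IOCTL is not described on this page.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated address spaces (an assumption for this example): the "user"
 * region is the only memory an ioctl caller may legitimately name as a
 * destination; kernel_state stands in for driver-owned kernel memory. */
static uint32_t user_region[16];
static struct {
    uint32_t status;     /* driver-held 32-bit value the ioctl returns to the caller */
    uint32_t privileged; /* other kernel state; overwriting it models the corruption */
} kernel_state;

/* Request structure the caller hands to ioctl(): it names where the
 * result should be written. Nothing in it has been validated yet. */
struct get_status_req {
    uint32_t *dst;
};

/* VULNERABLE pattern: the handler dereferences the caller-supplied pointer
 * directly, so a dst inside kernel memory becomes a 32-bit write there.
 * The caller controls the address, not the value, matching the "limited
 * ability to influence the value" in the description above. */
static int ioctl_get_status_vulnerable(struct get_status_req *req)
{
    *req->dst = kernel_state.status;
    return 0;
}

/* Hardened pattern. user_range_ok() plays the role of access_ok(): the whole
 * [p, p+len) range must fall inside the user region, and the pointer
 * arithmetic is checked for wraparound before the bounds test. */
static int user_range_ok(const void *p, size_t len)
{
    uintptr_t start = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)user_region;
    uintptr_t hi = lo + sizeof user_region;

    if (start + len < start)            /* wraparound: treat as invalid */
        return 0;
    return start >= lo && start + len <= hi;
}

/* copy_to_user_sim() plays the role of copy_to_user(): a checked copy that
 * fails with -EFAULT instead of touching memory outside the user region. */
static int copy_to_user_sim(void *dst, const void *src, size_t len)
{
    if (!user_range_ok(dst, len))
        return -EFAULT;
    memcpy(dst, src, len);
    return 0;
}

static int ioctl_get_status_hardened(struct get_status_req *req)
{
    return copy_to_user_sim(req->dst, &kernel_state.status,
                            sizeof kernel_state.status);
}

/* Helpers so the scenario can be driven and checked from outside. */
void reset_state(void)
{
    memset(user_region, 0, sizeof user_region);
    kernel_state.status = 0x1234u;   /* constructed sample value */
    kernel_state.privileged = 0u;
}

uint32_t *user_slot(size_t idx)       { return &user_region[idx]; }
uint32_t *kernel_privileged_ptr(void) { return &kernel_state.privileged; }
uint32_t  kernel_privileged(void)     { return kernel_state.privileged; }

/* Issue one request with an attacker-chosen destination; returns the
 * handler's status (0 on success, -EFAULT when the hardened path rejects). */
int run_request(int (*handler)(struct get_status_req *), uint32_t *dst)
{
    struct get_status_req req = { dst };
    return handler(&req);
}

int main(void)
{
    reset_state();
    run_request(ioctl_get_status_vulnerable, kernel_privileged_ptr());
    printf("vulnerable handler: kernel_state.privileged = 0x%x (corrupted)\n",
           kernel_privileged());

    reset_state();
    int rc = run_request(ioctl_get_status_hardened, kernel_privileged_ptr());
    printf("hardened handler, kernel dst: rc=%d, privileged = 0x%x\n",
           rc, kernel_privileged());

    rc = run_request(ioctl_get_status_hardened, user_slot(3));
    printf("hardened handler, user dst: rc=%d, user_region[3] = 0x%x\n",
           rc, *user_slot(3));
    return 0;
}
```

The range check covers the whole [dst, dst+4) span rather than just dst, so a destination that starts inside the user region but ends past it is rejected as well; in a real driver the equivalent is letting copy_to_user() do the write rather than dereferencing the pointer after an ad-hoc check.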

Exploit Scope and Risk:

This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products.

Common Vulnerability Scoring System (CVSS v2)

CVSS Base Score              6.6
  Exploitability Sub-score   2.7
    Access Vector            Local
    Access Complexity        Medium
    Authentication           Single
  Impact Sub-score           10.0
    Confidentiality Impact   Complete
    Integrity Impact         Complete
    Availability Impact      Complete

Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Discovery:

NVIDIA was informed of this issue by researcher Dario Weisser. Mr. Weisser reported the vulnerability and provided a proof-of-concept exploit that caused a denial of service on the system. Mr. Weisser also claimed to have an escalation of privilege exploit using the same vulnerability; this exploit was not provided to NVIDIA.


Fix

NVIDIA recommends that users upgrade to a driver version that includes the fix; the first fixed version for each driver branch is listed below. To confirm which version is installed, run nvidia-smi (Windows and Linux) or, on Linux, read /proc/driver/nvidia/version; the installed version must be at least the version listed for its branch.

Windows

Branch   1st version including the fix
R352     353.82
R340     341.81

Linux

Branch   1st version including the fix
R304     304.128
R340     340.93
R352     352.41

GRID vGPU and vSGA

Branch   1st version including the fix
R352     352.46
