Security Bulletin: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver

Answer ID 3763
Updated 05/15/2017 12:18 PM

A vulnerability in the NVIDIA driver could be used to gain local root privileges




Vulnerability Description

This vulnerability could be used to gain local root privileges.

A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kernel driver to a user-specified memory location, potentially in the kernel address space. The user has a limited ability to influence the value of the integer that is written.

Exploit Scope and Risk

This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products.

Common Vulnerability Scoring System

CVSS Base Score: 6.6
Exploitability Sub-score: 2.7
Access Vector: Local
Access Complexity: Medium
Authentication: Single
Impact Sub-score: 10
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Vulnerability Discovery

NVIDIA was informed of this issue by researcher Dario Weisser. Mr. Weisser reported the vulnerability and provided a proof-of-concept exploit that caused a denial of service on the system. Mr. Weisser also claimed to have an escalation of privilege exploit using the same vulnerability; this exploit was not provided to NVIDIA.

Fix

NVIDIA recommends that users upgrade to a fixed driver version, listed below.

Windows

Branch   1st version including the fix
R352     353.82
R340     341.81

Linux

Branch   1st version including the fix
R304     304.128
R340     340.93
R352     352.41

GRID vGPU and vSGA

Branch   1st version including the fix
R352     352.46
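
An added example, not NVIDIA's code: a Python check of an installed Linux driver version against the Linux table above. It assumes a release's branch is named by its major number (304.x is R304), covers only the Linux table (not Windows or GRID), and uses constructed sample version strings.

```python
import re

# First fixed Linux driver per branch, copied from the Linux table on this page.
LINUX_FIXED = {304: "304.128", 340: "340.93", 352: "352.41"}


def parse_version(text):
    """Return the first dotted version found in text as a tuple of ints, or None."""
    m = re.search(r"\b\d+(?:\.\d+)+\b", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def check_linux_driver(text):
    """Classify a version string as 'fixed', 'vulnerable', 'unlisted' or 'unparsed'."""
    ver = parse_version(text)
    if ver is None:
        return "unparsed"
    # Assumption: the major number names the branch (304.x -> R304).
    fixed = LINUX_FIXED.get(ver[0])
    if fixed is None:
        return "unlisted"  # the page gives no fixed version for this branch
    # Compare component by component. Treating versions as decimals would rank
    # 304.13 above 304.128 and report a vulnerable driver as fixed.
    return "fixed" if ver >= parse_version(fixed) else "vulnerable"


# Constructed sample inputs: bare versions and one line in the style of
# /proc/driver/nvidia/version.
SAMPLES = [
    "304.13",
    "304.128",
    "340.102",
    "NVRM version: NVIDIA UNIX x86_64 Kernel Module  352.30  Fri Jul 24 22:15:25 PDT 2015",
    "346.47",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_linux_driver(s):10}  {s}")
```

A result of "unlisted" means only that this page names no fixed version for that branch; it is not a statement that the driver is safe.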