NVIDIA Hole Found; Disclosure Questions

Friday, August 3, 2012 @ 02:08 PM gHale


Just how quickly should a supplier respond to a potential hole in one of its products before it goes public? The answer for one anonymous hacker seems to be one month.

That was the timeline in this case: a hacker found a security hole in the NVIDIA binary, reported it to the company “over a month ago,” and received no reply, nor did the firm patch the flaw. The exploit is now public.


Software Engineer Dave Airlie received details of the vulnerability. After testing it out and discovering that it indeed works, he posted the exploit for everyone to see over a mailing list.

The flaw essentially allows an attacker to write to any part of memory on the system by shifting the VGA window after attaining superuser privileges. Here is what Airlie said in the disclosure:

“First up I didn’t write this but I have executed it and it did work here.

“I was given this anonymously, it has been sent to nvidia over a month ago with no reply or advisory and the original author wishes to remain anonymous but would like to have the exploit published at this time, so I said I’d post it for them.

“It basically abuses the fact that the /dev/nvidia0 device accepts changes to the VGA window and moves the window around until it can read/write to somewhere useful in physical RAM, then it just does a priv escalation by writing directly to kernel memory.”

The issue of public exploits continues to hit the industry. Just what is proper and what is not seems to be an open-ended question. ICSJWG issued a framework to help in disclosing exploit information.


