
Privilege escalation vulnerability in the NVidia binary driver

Posted Aug 2, 2012 10:42 UTC (Thu) by PaXTeam (guest, #24616)
In reply to: Privilege escalation vulnerability in the NVidia binary driver by THe_ZiPMaN
Parent article: Privilege escalation vulnerability in the NVidia binary driver

note the faulting insn: RIP: 0010:[<00000000004016a7>]

It's code in the *kernel's* code segment with a *userland* address (PaX/KERNEXEC and CR4.SMEP stop exactly this kind of exploit method, but this looks like a powerful bug; it could be exploited other ways). That is, the kernel is executing userland-provided code; that's already proof of privilege escalation, and the oops is due to the exploit's kernel payload not being bulletproof (something that's not hard to fix up, if that's your game).


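As an added illustration (not part of the comment above or of LWN's content), here is a small Python script that applies the same reading to oops output from a defender's side: it parses the `RIP:` line, treats the segment selector `0010` as the x86_64 kernel code segment, and flags a kernel-mode RIP that falls in the userland half of the address space as "kernel executing a userland address", the pattern the comment points at. It also checks a `/proc/cpuinfo` flags line for `smep`, the hardware mitigation named above. The first oops line is the one quoted in the comment; the second oops line and the cpuinfo excerpt are constructed samples, and the 48-bit canonical address split is the assumption used to decide what counts as a userland address.

```python
import re

# Selector printed in "RIP: 0010:[<...>]": the x86_64 kernel code segment.
KERNEL_CS = 0x0010

# Assumption: standard x86_64 48-bit layout. User addresses occupy the lower
# canonical half (0 .. 0x00007fffffffffff); kernel text lives far above it.
USER_SPACE_TOP = 0x00007FFFFFFFFFFF

# Matches the classic oops form "RIP: 0010:[<00000000004016a7>]".
# (Newer kernels print "RIP: 0010:symbol+0x..." instead; not handled here.)
RIP_RE = re.compile(r"RIP:\s*([0-9a-fA-F]{4}):\[<([0-9a-fA-F]+)>\]")


def parse_rip(line):
    """Return (cs_selector, rip) from an oops RIP line, or None if absent."""
    m = RIP_RE.search(line)
    if m is None:
        return None
    return int(m.group(1), 16), int(m.group(2), 16)


def classify_rip(line):
    """Classify a RIP line by segment and address range.

    kernel-executing-userland: kernel CS but RIP in the user half of the
                               address space (the ret2usr pattern)
    kernel-fault:              kernel CS, RIP in kernel space (ordinary oops)
    user-mode-fault:           non-kernel CS (fault taken in user code)
    no-rip:                    the line carries no parseable RIP field
    """
    parsed = parse_rip(line)
    if parsed is None:
        return "no-rip"
    cs, rip = parsed
    if cs != KERNEL_CS:
        return "user-mode-fault"
    if rip <= USER_SPACE_TOP:
        return "kernel-executing-userland"
    return "kernel-fault"


def scan_oops(text):
    """Return (line_no, classification) for every RIP line in an oops dump."""
    return [
        (n, classify_rip(line))
        for n, line in enumerate(text.splitlines(), 1)
        if "RIP:" in line
    ]


def has_smep(cpuinfo_text):
    """True if any 'flags' line in /proc/cpuinfo output lists smep."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            _, _, flags = line.partition(":")
            if "smep" in flags.split():
                return True
    return False


# Sample input. Line 1 is the RIP line quoted in the comment; line 2 is a
# constructed ordinary kernel-space fault for contrast.
SAMPLE_OOPS = """\
RIP: 0010:[<00000000004016a7>]  [<00000000004016a7>] 0x4016a6
RIP: 0010:[<ffffffff81234567>]  [<ffffffff81234567>] some_kernel_func+0x17/0x40
"""

# Constructed /proc/cpuinfo excerpt, one CPU with SMEP and one without.
SAMPLE_CPUINFO_SMEP = "processor\t: 0\nflags\t\t: fpu vme de pse nx lm smep\n"
SAMPLE_CPUINFO_NO_SMEP = "processor\t: 0\nflags\t\t: fpu vme de pse nx lm\n"

if __name__ == "__main__":
    for line_no, verdict in scan_oops(SAMPLE_OOPS):
        print(f"line {line_no}: {verdict}")
    print("SMEP present:", has_smep(SAMPLE_CPUINFO_SMEP))
```

On the quoted line the script reports `kernel-executing-userland`; the constructed second line reports `kernel-fault`. A crash-log triage pipeline can use the same check to escalate an oops whose kernel-mode RIP sits below the kernel/user boundary, and the `smep` check tells you whether the CPU would have refused that fetch in the first place.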


Copyright © 2017, Eklektix, Inc.