lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPM=9tyvhYGTty-zAbH6YhTRfLfOMJa21s=AfhCye-YVUo_BVA@mail.gmail.com>
Date: Wed, 1 Aug 2012 10:10:30 +1000
From: Dave Airlie <airlied@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: nvidia linux binary driver priv escalation exploit
First up I didn't write this but I have executed it and it did work here,
I was given this anonymously, it has been sent to nvidia over a month
ago with no reply or advisory and the original author wishes to remain
anonymous but would like to have the exploit published at this time,
so I said I'd post it for them.
It basically abuses the fact that the /dev/nvidia0 device accept
changes to the VGA window and moves the window around until it can
read/write to somewhere useful in physical RAM, then it just does an
priv escalation by writing directly to kernel memory.
Dave.
View attachment "pub.c" of type "text/x-csrc" (18225 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists