Root exploit in binary nVidia drivers

LWN is reporting the release of information about and a proof of concept exploit for a root exploit bug in the binary nVidia drivers.

There are two NVIDIA graphics drivers for Linux: a closed-source binary blob driver provided by NVIDIA (which provides acceleration) and an open-source driver (which lacks acceleration). NVIDIA’s binary blob driver contains an error in its accelerated rendering of glyphs (text character data) that can be exploited to write arbitrary data to anywhere in memory. The open-source driver is not vulnerable.

1. Affected system(s):

     o NVIDIA Driver For Linux v8774
     o NVIDIA Driver For Linux v8762

     o NVIDIA Driver for FreeBSD
     o NVIDIA Driver for Solaris
     o Earlier versions

     o None

nVidia have been somewhat tardy in addressing the issue:

There have been multiple public reports of this NVIDIA bug on the NVNews forum [1,2] and elsewhere, dating back to 2004 [3]. NVIDIA’s first public acknowledgement of this bug was on July 7th, 2006. In a public posting [1] on the NVNews forum, an NVIDIA employee reported having reproduced the problem, assigned it bug ID 239065, and promised a fix would be forthcoming.

That was July – there is still no fix.