Nvidia Unix GPU Driver ARGB Cursor Buffer Overflow Vulnerability

Discussion in 'News Aggregator' started by Mr. Penguin, 7 Apr 2013.

  1. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member VIP Admin

    Joined:
    18 May 2012
    Messages:
    3,093
    Likes Received:
    1,262
    Nvidia driver for X window system contains ARGB Cursor buffer overflow vulnerability in "NoScanout" mode. Nvidia security adivisory states that when driver for X system operated in "NoScanout " mode, X client tends to install an ARGB cursor larger then expected size ,causing buffer overflow. It can be used to cause denial of service and exploited to achieve arbitrary code execution.

    [​IMG]

    Xserver runs at root privileges so exploiting this vulnerability enables attacker to gain root privileges. Xservers only accept authenticated connections from local machine, but can be configured to accept connections without authentication and allow connection over network. The vulnerability present since driver version 195.22. Nvidia suggests to upgrade to new version or disable NoScanout mode if possible.

    User must download and install the drivers from Nvidia. The vulnerability registered under CVE-2013-0131.

    Original Thread @ thehackernews: http://news.thehackernews.com/nvidia-unix-gpu-driver-argb-cursor-buffer-overflow-vulnerability
     

Share This Page

Loading...