Wednesday, August 01, 2012

NVidia Linux Binary Driver Exploit

Dave Airlie has posted an exploit that was sent to him anonymously some time ago. He has tested it, and it worked well to gain root access through privilege escalation.

What are the details of the exploit?
It basically abuses the fact that the /dev/nvidia0 device accepts changes to the VGA window: it moves the window around until it can read/write somewhere useful in physical RAM, then performs a privilege escalation by writing directly to kernel memory.
Please note that the script might kill your system. Review its content before executing it, and NEVER EVER execute the script on a production machine. Use it at your own risk.