CUDA drivers/Linux security hole

2011.01.25

Credit: gran classic chem

Risk: Low

Local: Yes

Remote: No

CVE: CVE-2011-0636

CWE: CWE-200

Ogólna skala CVSS: 2.1/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 3.9/10

Wymagany dostęp: Lokalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Brak

Wpływ na dostępność: Brak

Hello,
We have recently found serious security breach in CUDA Linux drivers:
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9e
a936bHW-7675-1380-00.htm
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9e
a936bHW-7676-1022+00.htm
In brief, driver maps pinned memory to user space but does not initialize it to zero. As an example, our simplest "proof of concept" program was able to read large fragments of files being written or read by other users.
Kind regards,
Alex Granovsky
Firefly Project
http://classic.chem.msu.su/gran/firefly/

Referencje:

http://xforce.iss.net/xforce/xfdb/64710

http://www.securitytracker.com/id?1024962

http://www.securityfocus.com/bid/45717

http://www.securityfocus.com/archive/1/archive/1/515591/100/0/threaded

http://secunia.com/advisories/42859

http://osvdb.org/70420

http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm184d

http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

CUDA drivers/Linux security hole

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.