CUDA drivers/Linux security hole

2011.01.25
Risk: Low
Local: Yes
Remote: No
CWE: CWE-200


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Hello, We have recently found serious security breach in CUDA Linux drivers: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9e a936bHW-7675-1380-00.htm http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9e a936bHW-7676-1022+00.htm In brief, driver maps pinned memory to user space but does not initialize it to zero. As an example, our simplest "proof of concept" program was able to read large fragments of files being written or read by other users. Kind regards, Alex Granovsky Firefly Project http://classic.chem.msu.su/gran/firefly/

References:

http://xforce.iss.net/xforce/xfdb/64710
http://www.securitytracker.com/id?1024962
http://www.securityfocus.com/bid/45717
http://www.securityfocus.com/archive/1/archive/1/515591/100/0/threaded
http://secunia.com/advisories/42859
http://osvdb.org/70420
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm184d
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top