NVIDIA Driver Vulnerability: It’s in userland
Dave G. | October 17th, 2006 | Filed Under: Slashdot Rounddown
Rapid7 found a heap overflow in an Xwindows NVIDIA graphics driver. It can be exploited either remotely (via a malicious web page) or locally as a privilege escalation attack. The Slashdot posting on the subject says:
“KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA’s binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux.”
Just to be clear, this is the userland portion of the driver for Xwindows. And while the binary blob thing continues to be a hot debate in the open source community, this isn’t the only “binary blob” you are going to find on a functional Linux desktop. For example, Adobe Flash (which at some point became almost necessary for everyday web browsing) does not have a credible open source counterpart. I feel like this NVIDIA situation is more like Xpdf vs. Adobe Acrobat.
Don’t get me wrong, I would prefer it if vendors would open source these things. It’s easier to review from a security perspective. When a flaw is found, you don’t have to wait two years for it to get resolved!


James Lee
October 17th, 2006 6:14 pm
I really like the comment:
/**********************************************************************
* BEGIN FONT HEAP OVERFLOW SETUP CODE
*
* “It’s so hard to write a graphics driver that open-sourcing it would
* not help.”
* - Andrew Fear, Software Product Manager (NVIDIA Corporation).
**********************************************************************/