Attacker Value
Very Low
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

NVIDIA binary graphics driver: Privilege escalation vulnerability

Disclosure Date: October 18, 2006
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.

Add Assessment

2
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very High
Technical Analysis

This vuln is triggerable as a drive-by if someone visits a site using a browser while the impacted nvidia blob driver was used on the system. You could do this by installing a custom set of font glyphs that contain shellcode, and overflowing the video buffer with a long “string” of those glyphs (which would write past the video buffer memory boundary). However, the likelihood of someone using this driver today is extremely low, so, not very useful.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • nvidia

Products

  • binary graphics driver v8762,
  • binary graphics driver v8774

References

Additional Info

Technical Analysis