Very Low
NVIDIA binary graphics driver: Privilege escalation vulnerability
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Very Low
(1 user assessed)Very High
(1 user assessed)Unknown
Unknown
Unknown
NVIDIA binary graphics driver: Privilege escalation vulnerability
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.
Add Assessment
Ratings
-
Attacker ValueVery Low
-
ExploitabilityVery High
Technical Analysis
This vuln is triggerable as a drive-by if someone visits a site using a browser while the impacted nvidia blob driver was used on the system. You could do this by installing a custom set of font glyphs that contain shellcode, and overflowing the video buffer with a long “string” of those glyphs (which would write past the video buffer memory boundary). However, the likelihood of someone using this driver today is extremely low, so, not very useful.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- nvidia
Products
- binary graphics driver v8762,
- binary graphics driver v8774
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: