Stories
Slash Boxes
Comments

SoylentNews is people

Oops! It's a Kernel Stack Use-After-Free: Exploiting NVIDIA's GPU Linux Drivers

posted by hubie on Monday October 20, @06:58PM   Printer-friendly
Security

An Anonymous Coward writes:

This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. The bugs can be triggered by an attacker controlling a local unprivileged process. Their security implications were confirmed via a proof of concept that achieves kernel read and write primitives.

Back in 2022, NVIDIA started distributing the Linux Open GPU Kernel Modules. Since 2024, using these modules is officially "the right move" for both consumer and server hardware. The driver provides multiple kernel modules, the bugs being found in nvidia.ko and nvidia-uvm.ko. They expose ioctls on device files, most of them being accessible to unprivileged users. These ioctls are meant to be used by NVIDIA's proprietary userland binaries and libraries. However, using the header files provided in the kernel modules repository as a basis, it's possible to make direct ioctl calls.

While manually probing the attack surface related to memory allocation and management we found two vulnerabilities. They were reported to NVIDIA and the vendor issued fixes in their NVIDIA GPU Display Drivers update of October 2025

https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html

[Ed. note: if you've ever wondered about the nitty-gritty details of exploits, TFA breaks down these use-after-free exploits and show how they work]

Original Submission


«  Soylent Update | Russia, AI and the Future of Disinformation Warfare  »
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Oops! It's a Kernel Stack Use-After-Free: Exploiting NVIDIA's GPU Linux Drivers | Log In/Create an Account | Top | 4 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 3, Touché) by mrpg on Monday October 20, @09:33PM (3 children)

    by mrpg (5708) <mrpgNO@SPAMsoylentnews.org> on Monday October 20, @09:33PM (#1421548) Homepage

    Must I hold a candle to my shames? -- William Shakespeare, "The Merchant of Venice"

    • (Score: 4, Informative) by mrpg on Monday October 20, @10:55PM (2 children)

      by mrpg (5708) <mrpgNO@SPAMsoylentnews.org> on Monday October 20, @10:55PM (#1421558) Homepage

      Offtopic? Sure.
      This is a beautiful and poignant line from William Shakespeare's play, "The Merchant of Venice."
      The quote, "Must I hold a candle to my shames?" is spoken by the character Portia in Act II, Scene 7
      The line is an idiomatic expression meaning: "Must I expose and illuminate my faults for everyone to see?" or "Must I openly confess my disgraces?"
      Now imagine Envidia saying it, in the world, a stage where we all play a part.

(1)