7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
The NVIDIA Windows Server 2008 and 2008 R2 Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases when using the NVIDIA Windows Device Driver for use on NVIDIA PCIe cards installed in System x Servers. NVIDIA’s PCIe cards are functioning within specification; this is a software implementation issue.
The NVIDIA Windows Server 2008 and 2008 R2 Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases when using the NVIDIA Windows Device Driver for use on NVIDIA PCIe cards installed in System x Servers. NVIDIA’s PCIe cards are functioning within specification; this is a software implementation issue.
Vulnerability Details:
CVE-ID: CVE-2015-1170
Description: The NVIDIA Display Driver, as used by multiple products, could allow a local attacker to gain elevated privileges, caused by the failure to properly validate local client impersonation levels. An attacker could exploit this vulnerability using unspecified API calls to gain administrative privileges on the system.
CVSS Base Score: 7.2
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/101911 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
The attacker must already have local access on the machine. Under certain conditions, a local user on the system can use improper impersonation behaviors of NVIDIA driver APIs to access resources that are intended for local administrator access only. Under these conditions, this behavior may lead to privilege escalation of the local user account, leading to a system compromise.
The following NVIDIA Server 2008 and 2008 R2 Windows Display Driver versions are affected:
In addition, the following NVIDIA products are affected:
NVIDIA Tesla M2xxx, K10, K20, K40, K80 series GPUs NVIDIA Quadro 6xx, 1xxx, 2xxx, 3xxx, 4xxx, 5xxx, 6xxx, K6xx, K2xxx, K4xxx, K5xxx, K6xxx series GPUs NVIDIA Grid GPUs
The following System x servers that have one or more of the NVIDIA products installed:
It is recommended to apply the following fix for the version specified:
Instructions on how to download and apply these updates are available at:
<http://www.nvidia.com/Download/index.aspx?lang=en-us>
Refer to NVIDIA Answer ID 3634 for patch and upgrade information:
<http://nvidia.custhelp.com/app/answers/detail/a_id/3634>
As the exploit requires local access and a user/process running as administrator to allow impersonation, safe computing practices can help mitigate your general risk.
As always, observe safe computing practices by:
Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
This bug was reported to NVIDIA by James Forshaw, Project Zero, Google.
Change History
30 April 2015: Original Copy Published
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.