The recent discovery of a vulnerability in the NVIDIA GPU Display Driver for Linux (CVE-2022-21813) has raised concerns among the security and open-source communities. The kernel driver, essential for the proper functioning of the NVIDIA GPUs on Linux systems, has been found to contain a vulnerability in its handling of permissions and privileges. This could potentially allow an unprivileged local user limited write access to protected memory, resulting in a denial of service or even leading to further exploitation.

In this post, we provide an in-depth analysis of this severe vulnerability, including code snippets, original references, and detailed explanations of the possible exploit scenarios.

Vulnerability Details

The vulnerability resides within a vital component responsible for managing GPU resources on the host system. The NVIDIA GPU Display Driver for Linux does not properly handle cases of insufficient permissions or privileges. This improper handling may inadvertently grant an unprivileged local user limited write access to protected memory.

This access could lead to a denial of service by allowing malicious users to crash the system or cause resource exhaustion. Beyond just the denial of service, this situation has the potential to be further exploited if combined with another vulnerability that could possibly escalate privileges on the system.

Code Snippet

The following illustrative snippet (not the actual driver source) depicts the core issue at hand. The driver fails to perform proper checks on user-supplied data, leading to improper handling of permissions and privileges:

// Sample code depicting the vulnerability in the NVIDIA GPU Display Driver
// (illustrative pseudo-code, not the actual driver source; the helper
// functions are placeholders)

int nv_system_call(unsigned long param1, void *param2) {
  void *memory_addr = protected_memory_allocation_function(param1);

  if (!memory_addr) {
    // Improper handling of permissions and privileges: an allocation
    // failure is reported as a permission error
    return -EACCES;
  }

  // Write user-supplied data to protected memory without any permission
  // or privilege check on the caller
  if (user_data_write_function(memory_addr, param2)) {
    // deallocate memory
    protected_memory_deallocation_function(memory_addr);
    // Incorrect error response: the write failure is also reported as -EACCES
    return -EACCES;
  }

  // missing permission or privilege checks
  // before deallocating the memory
  protected_memory_deallocation_function(memory_addr);
  return 0;
}

As seen in this code snippet, not only does the driver fail to perform proper checks on user-supplied data, but it also handles error responses incorrectly. This allows unprivileged users limited write access to protected memory, creating a situation ripe for exploitation.
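To make the pattern concrete, here is an added user-space model of the snippet above beside a hardened form. It is not NVIDIA's driver code, and every name in it (the caller struct, the protected buffer, both handler functions) is hypothetical; the hardened form authorizes the caller before touching driver-owned memory, validates the user-supplied length, and returns an error code that describes what actually failed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PROTECTED_SIZE 64
// Stand-in for driver-owned memory that an unprivileged caller must not write.
static uint8_t protected_memory[PROTECTED_SIZE];

// Stand-in for the kernel's capability check (e.g. capable(CAP_SYS_ADMIN)).
struct caller { bool privileged; };

// Vulnerable form, mirroring the snippet above: the caller is never
// authorized, and every failure collapses into -EACCES.
static int nv_system_call_vulnerable(const struct caller *c, size_t len, const void *data) {
  (void)c;                                   // credentials ignored: the bug
  if (data == NULL || len > PROTECTED_SIZE)
    return -EACCES;                          // wrong code for a bad argument
  memcpy(protected_memory, data, len);       // unprivileged write lands here
  return 0;
}

// Hardened form: authorize first, validate user-supplied arguments, and
// report each failure with a distinct, accurate error code.
static int nv_system_call_hardened(const struct caller *c, size_t len, const void *data) {
  if (!c->privileged) return -EPERM;         // check before any side effect
  if (data == NULL) return -EFAULT;          // bad user pointer
  if (len > PROTECTED_SIZE) return -EINVAL;  // user-supplied size out of range
  memcpy(protected_memory, data, len);
  return 0;
}

// Test helpers: clear the buffer, and check whether a write reached it.
static void reset_protected(void) { memset(protected_memory, 0, PROTECTED_SIZE); }
static bool protected_starts_with(const void *data, size_t len) {
  return len <= PROTECTED_SIZE && memcmp(protected_memory, data, len) == 0;
}

int main(void) {
  struct caller user = { false };
  const char payload[] = "constructed";      // constructed sample input
  nv_system_call_vulnerable(&user, sizeof payload, payload);  // succeeds: the bug
  return nv_system_call_hardened(&user, sizeof payload, payload) == -EPERM ? 0 : 1;
}
```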

Jesse Michael, Eclypsium

Detailed explanation of the vulnerability: CVE-2022-21813 Advisory

NVIDIA Security Bulletin

Comprehensive information on affected versions and patches: [NVIDIA Security Bulletin: NVIDIA GPU Display Driver - February 2022](https://nvidia.custhelp.com/app/answers/detail/a_id/5306)

Exploit Details

To exploit CVE-2022-21813, a malicious user must be running a local application that can send malicious parameters to the NVIDIA GPU Display Driver via IOCTL. The application can send crafted IOCTL calls that bypass the permission and privilege checks, eventually enabling write access to protected memory.

With write access to protected memory, a malicious user could crash the system or hog resources, causing a denial of service. Moreover, this situation poses the risk of being exploited in tandem with another vulnerability that could provide enhanced access and control over the system.

Mitigation

NVIDIA has released patches for the affected versions of the GPU Display Driver for Linux. Users are strongly advised to update their NVIDIA GPU display drivers to patch this vulnerability. The updated driver version can be found in the NVIDIA Security Bulletin.

Conclusion

CVE-2022-21813 is a serious vulnerability affecting the NVIDIA GPU Display Driver for Linux systems. With improper handling of permissions and privileges, unprivileged local users can gain write access to protected memory, which can cause denial of service and potentially opens doors to further exploitation. It is strongly advised to update the device drivers with the patches provided by NVIDIA to protect against this vulnerability.

Timeline

Published on: 02/07/2022 20:15:00 UTC
Last modified on: 06/30/2022 20:27:00 UTC