Executive Summary

Summary
Title Video drivers may fail to support Address Space Layout Randomization (ASLR)
Informations
Name VU#458153 First vendor Publication 2012-06-06
Vendor VU-CERT Last vendor Modification 2012-07-23
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#458153

Video drivers may fail to support Address Space Layout Randomization (ASLR)

Original Release date: 06 Jun 2012 | Last revised: 23 Jul 2012

Overview

Some video drivers fail to support ASLR in Microsoft EMET "Always on" mode, which can limit the amount that such a system can be secured.

Description

ASLR, when combined with DEP (Data Execution Prevention) can be an effective mitigation against exploitation of vulnerabilities. For more information about DEP and ASLR on Microsoft Windows platforms, see the Microsoft Security Research & Defense blog entry: On the effectiveness of DEP and ASLR. Microsoft has released a tool called EMET (Exploit Mitigation Experience Toolkit) to enforce DEP, ASLR, and other exploit mitigation features for Windows systems on an application-specific and a system-wide basis. DEP and ASLR features are available on other operating systems as well.

Some video drivers are not compatible with the Microsoft EMET "Always on" mode for ASLR. Enabling "Always on" ASLR on a system with incompatible video drivers may result in a system crash (kernel panic, or BSOD).

Problems have also been reported using ATI drivers on Linux systems using PaX.

Impact

Systems with incompatible video drivers cannot be secured as well as those with ASLR-compatible drivers. Enabling system-wide DEP and ASLR can make exploitation of vulnerabilities more difficult.

Solution

Apply an update

AMD has released Catalyst drivers version 12.6 for supported Radeon hardware; these drivers are compatible with system-wide ASLR. If you are unable to obtain updated drivers, please consider the following workarounds.

Use standard VGA drivers

On systems where video performance is not a requirement (servers, for example), the use of standard VGA drivers can allow the use of EMET "Always on" ASLR.

Use a different video adapter

If the video adapter on your system is not compatible with EMET "Always on" ASLR, consider using a different video adapter that has ASLR compatible drivers.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
AMDAffected16 Feb 201229 Jun 2012
ATI TechnologiesAffected-05 Jun 2012
Intel CorporationNot Affected01 Jun 201205 Jun 2012
NVIDIANot Affected01 Jun 201205 Jun 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base0.0AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal0.0E:--/RL:OF/RC:C
Environmental0.0CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

  • https://www.cert.org/blogs/certcc/2012/06/amd_video_drivers_prevent_the.html
  • http://support.microsoft.com/kb/2458544
  • http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx
  • https://social.technet.microsoft.com/Forums/en-US/emet/thread/1e70c72b-67b2-43c4-bd36-a0edd1857875
  • https://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx
  • https://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx
  • https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#ATI_Catalyst_.28fglrx.29_graphics_driver
  • http://support.amd.com/us/gpudownload/Pages/index.aspx
  • http://sites.amd.com/us/game/downloads/Pages/radeon_win7-64.aspx
  • http://sites.amd.com/us/game/downloads/Pages/radeon_win7-32.aspx
  • http://sites.amd.com/us/game/downloads/Pages/radeon_xp-32.aspx
  • http://blogs.amd.com/play/2012/06/28/our-driver-team-answers-the-call-once-again/

Credit

This document was written by Will Dormann.

Other Information

  • CVE IDs:Unknown
  • Date Public:02 Sep 2010
  • Date First Published:06 Jun 2012
  • Date Last Updated:23 Jul 2012
  • Document Revision:57

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.


This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/458153