GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Jun 23, 2012 4:26 pm Post subject: [ GLSA 201206-19 ] NVIDIA Drivers: Privilege escalation |
|
|
Gentoo Linux Security Advisory
Title: NVIDIA Drivers: Privilege escalation (GLSA 201206-19)
Severity: high
Exploitable: local
Date: June 23, 2012
Bug(s): #411617
ID: 201206-19
Synopsis
A vulnerability in NVIDIA drivers may allow a local attacker to
gain escalated privileges.
Background
The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
boards.
Affected Packages
Package: x11-drivers/nvidia-drivers
Vulnerable: < 295.40
Unaffected: >= 295.40
Architectures: All supported architectures
Description
A vulnerability has been found in the way NVIDIA drivers handle
read/write access to GPU device nodes, allowing access to arbitrary
system memory locations.
NOTE: Exposure to this vulnerability is reduced in Gentoo due to 660
permissions being used on the GPU device nodes by default.
Impact
A local attacker could gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All NVIDIA driver users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-295.40"
|
References
CVE-2012-0946 |
|