Joined: 12 May 2004
|Posted: Mon Apr 08, 2013 10:26 pm Post subject: [ GLSA 201304-01 ] NVIDIA Drivers: Privilege escalation
|Gentoo Linux Security Advisory
Title: NVIDIA Drivers: Privilege escalation (GLSA 201304-01)
Date: April 08, 2013
Bug(s): #429614, #464248
Two vulnerabilities in NVIDIA drivers may allow a local attacker to
gain escalated privileges.
The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
Vulnerable: < 304.88
Unaffected: >= 304.88
Architectures: All supported architectures
Two vulnerabilities have been discovered in NVIDIA drivers:
NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660
- A vulnerability has been found in the way NVIDIA drivers handle
read/write access to GPU device nodes, allowing access to arbitrary
system memory locations (CVE-2012-4225).
- A buffer overflow error has been discovered in NVIDIA drivers
permissions being used on the GPU device nodes by default.
A local attacker could gain escalated privileges.
There is no known workaround at this time.
All NVIDIA driver users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose