Joined: 12 May 2004
|Posted: Sun Aug 19, 2007 11:26 pm Post subject: [ GLSA 200708-14 ] NVIDIA drivers: Denial of Service
|Gentoo Linux Security Advisory
Title: NVIDIA drivers: Denial of Service (GLSA 200708-14)
Date: August 19, 2007
Updated: October 11, 2007
A vulnerability has been discovered in the NVIDIA graphic drivers, allowing for a Denial of Service.
The NVIDIA drivers provide support for NVIDIA graphic boards.
Vulnerable: = 100.14.06
Unaffected: >= 71.86.01
Unaffected: >= 1.0.7185 < 1.0.7186
Unaffected: >= 1.0.9639 < 1.0.9640
Architectures: All supported architectures
Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* with insecure file permissions.
A local attacker could send arbitrary values into the devices, possibly resulting in hardware damage on the graphic board or a Denial of Service.
There is no known workaround at this time.
All NVIDIA drivers users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"
Last edited by GLSA on Fri Oct 12, 2007 4:19 am; edited 1 time in total