GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Apr 08, 2013 10:26 pm Post subject: [ GLSA 201304-01 ] NVIDIA Drivers: Privilege escalation |
|
|
Gentoo Linux Security Advisory
Title: NVIDIA Drivers: Privilege escalation (GLSA 201304-01)
Severity: high
Exploitable: remote
Date: April 08, 2013
Bug(s): #429614, #464248
ID: 201304-01
Synopsis
Two vulnerabilities in NVIDIA drivers may allow a local attacker to
gain escalated privileges.
Background
The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
boards.
Affected Packages
Package: x11-drivers/nvidia-drivers
Vulnerable: < 304.88
Unaffected: >= 304.88
Architectures: All supported architectures
Description
Two vulnerabilities have been discovered in NVIDIA drivers: - A vulnerability has been found in the way NVIDIA drivers handle
read/write access to GPU device nodes, allowing access to arbitrary
system memory locations (CVE-2012-4225).
- A buffer overflow error has been discovered in NVIDIA drivers
(CVE-2013-0131).
NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660
permissions being used on the GPU device nodes by default.
Impact
A local attacker could gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All NVIDIA driver users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-304.88"
|
References
CVE-2012-4225
CVE-2013-0131 |
|