NVIDIA Drivers: Privilege escalation
Gentoo Linux Security Advisory
||GLSA 201304-01 / nvidia-drivers
||April 08, 2013
||April 08, 2013: 1
All supported architectures
Two vulnerabilities in NVIDIA drivers may allow a local attacker to
gain escalated privileges.
The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
Two vulnerabilities have been discovered in NVIDIA drivers:
- A vulnerability has been found in the way NVIDIA drivers handle
read/write access to GPU device nodes, allowing access to arbitrary
system memory locations (CVE-2012-4225).
- A buffer overflow error has been discovered in NVIDIA drivers
NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660
permissions being used on the GPU device nodes by default.
A local attacker could gain escalated privileges.
There is no known workaround at this time.
All NVIDIA driver users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose