Gentoo Logo

NVIDIA Drivers: Privilege escalation

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201304-01 / nvidia-drivers
Release Date April 08, 2013
Latest Revision April 08, 2013: 1
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
x11-drivers/nvidia-drivers < 304.88 >= 304.88 All supported architectures

Related bugreports: #429614, #464248

Synopsis

Two vulnerabilities in NVIDIA drivers may allow a local attacker to gain escalated privileges.

2.  Impact Information

Background

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic boards.

Description

Two vulnerabilities have been discovered in NVIDIA drivers:

  • A vulnerability has been found in the way NVIDIA drivers handle read/write access to GPU device nodes, allowing access to arbitrary system memory locations (CVE-2012-4225).
  • A buffer overflow error has been discovered in NVIDIA drivers (CVE-2013-0131).

NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660 permissions being used on the GPU device nodes by default.

Impact

A local attacker could gain escalated privileges.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All NVIDIA driver users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose
  ">=x11-drivers/nvidia-drivers-304.88"

4.  References



Print

Page updated April 08, 2013

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.