NVIDIA Drivers: Privilege escalation

NVIDIA Drivers: Privilege escalation Two vulnerabilities in NVIDIA drivers may allow a local attacker to gain escalated privileges. nvidia-drivers April 08, 2013 April 08, 2013: 1 429614 464248 remote 304.88 304.88

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic boards.

Two vulnerabilities have been discovered in NVIDIA drivers:

A vulnerability has been found in the way NVIDIA drivers handle read/write access to GPU device nodes, allowing access to arbitrary system memory locations (CVE-2012-4225).
A buffer overflow error has been discovered in NVIDIA drivers (CVE-2013-0131).

NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660 permissions being used on the GPU device nodes by default.

A local attacker could gain escalated privileges.

There is no known workaround at this time.

All NVIDIA driver users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=x11-drivers/nvidia-drivers-304.88"

CVE-2012-4225 CVE-2013-0131 ackle ackle