Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201206-19 ] NVIDIA Drivers: Privilege escalation
Date: Sat, 23 Jun 2012 14:49:53
Message-Id: 4FE5D5FA.3060906@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201206-19
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: NVIDIA Drivers: Privilege escalation
9 Date: June 23, 2012
10 Bugs: #411617
11 ID: 201206-19
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 A vulnerability in NVIDIA drivers may allow a local attacker to gain
19 escalated privileges.
20
21 Background
22 ==========
23
24 The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
25 boards.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 x11-drivers/nvidia-drivers
34 < 295.40 >= 295.40
35
36 Description
37 ===========
38
39 A vulnerability has been found in the way NVIDIA drivers handle
40 read/write access to GPU device nodes, allowing access to arbitrary
41 system memory locations.
42
43 NOTE: Exposure to this vulnerability is reduced in Gentoo due to 660
44 permissions being used on the GPU device nodes by default.
45
46 Impact
47 ======
48
49 A local attacker could gain escalated privileges.
50
51 Workaround
52 ==========
53
54 There is no known workaround at this time.
55
56 Resolution
57 ==========
58
59 All NVIDIA driver users should upgrade to the latest version:
60
61 # emerge --sync
62 # emerge --ask --oneshot -v ">=x11-drivers/nvidia-drivers-295.40"
63
64 References
65 ==========
66
67 [ 1 ] CVE-2012-0946
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0946
69
70 Availability
71 ============
72
73 This GLSA and any updates to it are available for viewing at
74 the Gentoo Security Website:
75
76 http://security.gentoo.org/glsa/glsa-201206-19.xml
77
78 Concerns?
79 =========
80
81 Security is a primary focus of Gentoo Linux and ensuring the
82 confidentiality and security of our users' machines is of utmost
83 importance to us. Any security concerns should be addressed to
84 security@g.o or alternatively, you may file a bug at
85 https://bugs.gentoo.org.
86
87 License
88 =======
89
90 Copyright 2012 Gentoo Foundation, Inc; referenced text
91 belongs to its owner(s).
92
93 The contents of this document are licensed under the
94 Creative Commons - Attribution / Share Alike license.
95
96 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature