GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Feb 02, 2014 8:32 pm Post subject: [ GLSA 201402-02 ] NVIDIA Drivers: Privilege Escalation |
 |
|
Gentoo Linux Security Advisory
Title: NVIDIA Drivers: Privilege Escalation (GLSA 201402-02)
Severity: high
Exploitable: local
Date: February 02, 2014
Updated: March 13, 2014
Bug(s): #493448
ID: 201402-02
Synopsis
A NVIDIA drivers bug allows unprivileged user-mode software to
access the GPU inappropriately, allowing for privilege escalation.
Background
The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
boards.
Affected Packages
Package: x11-drivers/nvidia-drivers
Vulnerable: < 331.20
Unaffected: >= 331.20
Unaffected: >= 319.76 < 319.77
Unaffected: >= 304.116 < 304.117
Unaffected: >= 304.119 < 304.120
Unaffected: >= 304.121 < 304.122
Architectures: All supported architectures
Description
The vulnerability is caused due to the driver allowing unprivileged
user-mode software to access the GPU.
Impact
A local attacker could gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All NVIDIA Drivers users using the 331 branch should upgrade to the
latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-331.20"
|
All NVIDIA Drivers users using the 319 branch should upgrade to the
latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-319.76"
|
All NVIDIA Drivers users using the 304 branch should upgrade to the
latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-304.116"
|
References
CVE-2013-5986
CVE-2013-5987
Last edited by GLSA on Fri Mar 14, 2014 4:33 am; edited 1 time in total |
|
News & Announcements
