Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201304-01
HistoryApr 08, 2013 - 12:00 a.m.

NVIDIA Drivers: Privilege escalation

2013-04-0800:00:00
Gentoo Foundation
security.gentoo.org
19

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.4%

JSON

Background

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic boards.

Description

Two vulnerabilities have been discovered in NVIDIA drivers:

  • A vulnerability has been found in the way NVIDIA drivers handle read/write access to GPU device nodes, allowing access to arbitrary system memory locations (CVE-2012-4225).
  • A buffer overflow error has been discovered in NVIDIA drivers (CVE-2013-0131).

NOTE: Exposure to CVE-2012-4225 is reduced in Gentoo due to 660 permissions being used on the GPU device nodes by default.

Impact

A local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All NVIDIA driver users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=x11-drivers/nvidia-drivers-304.88"
OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-drivers/nvidia-drivers< 304.88UNKNOWN

Related

openvas 5
nessus 4
ubuntucve 2
cve 2
prion 2
debiancve 2
securityvulns 2
cert 1
ubuntu 1
freebsd 2
openvas
openvas
Gentoo Security Advisory GLSA 201304-01
2015-09-29 00:00:00
Ubuntu Update for nvidia-graphics-drivers USN-1799-1
2013-04-15 00:00:00
Ubuntu: Security Advisory (USN-1799-1)
2013-04-15 00:00:00
nessus
nessus
GLSA-201304-01 : NVIDIA Drivers: Privilege escalation
2013-04-09 00:00:00
FreeBSD : NVIDIA UNIX driver -- ARGB cursor buffer overflow in 'NoScanout' mode (1431f2d6-a06e-11e2-b9e0-001636d274f3)
2013-04-12 00:00:00
Ubuntu 12.04 LTS / 12.10 : nvidia-graphics-drivers, nvidia-graphics-drivers-updates, nvidia-settings, nvidia-settings-updates vulnerability (USN-1799-1)
2013-04-11 00:00:00
ubuntucve
ubuntucve
CVE-2012-4225
2012-08-10 00:00:00
CVE-2013-0131
2013-04-03 00:00:00
cve
cve
CVE-2012-4225
2012-11-19 12:10:00
CVE-2013-0131
2013-04-08 16:55:00
prion
prion
Memory corruption
2012-11-19 12:10:00
Buffer overflow
2013-04-08 16:55:00
debiancve
debiancve
CVE-2012-4225
2012-11-19 12:10:00
CVE-2013-0131
2013-04-08 16:55:00
securityvulns
securityvulns
[USN-1799-1] NVIDIA graphics drivers vulnerability
2013-04-15 00:00:00
Linux kernel multiple security vulnerabilities
2013-04-15 00:00:00
cert
cert
NVIDIA UNIX GPU driver ARGB cursor buffer overflow in "NoScanout" mode
2013-04-05 00:00:00
ubuntu
ubuntu
NVIDIA graphics drivers vulnerability
2013-04-10 00:00:00
freebsd
freebsd
NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode
2013-03-27 00:00:00
NVIDIA UNIX driver -- access to arbitrary system memory
2012-03-20 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.4%

JSON
Related for GLSA-201304-01
openvas5nessus4ubuntucve2cve2prion2debiancve2securityvulns2cert1ubuntu1freebsd2