NVIDIA drivers: Denial of Service — GLSA 200708-14

A vulnerability has been discovered in the NVIDIA graphic drivers, allowing for a Denial of Service.

Affected Packages

x11-drivers/nvidia-drivers on all architectures
Affected versions = 100.14.06
Unaffected versions >= 71.86.01, revision >= 1.0.7185, revision >= 1.0.9639

Background

The NVIDIA drivers provide support for NVIDIA graphic boards.

Description

Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* with insecure file permissions.

Impact

A local attacker could send arbitrary values into the devices, possibly resulting in hardware damage on the graphic board or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All NVIDIA drivers users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"

References

Release Date
August 19, 2007

Latest Revision
October 11, 2007: 03

Severity
normal

Exploitable
local

Bugzilla entries