NVIDIA Drivers: Privilege Escalation — GLSA 201402-02

A NVIDIA drivers bug allows unprivileged user-mode software to access the GPU inappropriately, allowing for privilege escalation.

Affected Packages

x11-drivers/nvidia-drivers on all architectures
Affected versions < 331.20
Unaffected versions >= 331.20
revision >= 319.76
revision >= 304.116
revision >= 304.119
revision >= 304.121

Background

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic boards.

Description

The vulnerability is caused due to the driver allowing unprivileged user-mode software to access the GPU.

Impact

A local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All NVIDIA Drivers users using the 331 branch should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=x11-drivers/nvidia-drivers-331.20"
 

All NVIDIA Drivers users using the 319 branch should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=x11-drivers/nvidia-drivers-319.76"
 

All NVIDIA Drivers users using the 304 branch should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=x11-drivers/nvidia-drivers-304.116"
 

References

Release Date
February 02, 2014

Latest Revision
March 13, 2014: 3

Severity
high

Exploitable
local

Bugzilla entries