Bug#735271: nvidia-graphics-drivers: CVE-2013-5987 - Unprivileged GPU access vulnerability
Andreas Beckmann
anbe at debian.org
Tue Jan 14 10:25:06 UTC 2014
Source: nvidia-graphics-drivers
Severity: serious
Tags: security
Control: fixed -1 319.72-1,331.20-1
Quoting from
http://nvidia.custhelp.com/app/answers/detail/a_id/3377
Vulnerability Description:
An NVIDIA graphics driver bug allows unprivileged user-mode software to
access the GPU inappropriately. An attacker who successfully exploited
this vulnerability could take control of an affected system.
Exploit Scope and Risk:
To take advantage of this vulnerability, an attacker would need to run
specially crafted software locally on the target computer. Expert
knowledge of system and NVIDIA GPU programming would be required to
create such an exploit. NVIDIA is not aware of the existence of any
actual exploits that leverage this vulnerability.
This issue could potentially affect all supported PC OS platforms and
form factors. NVIDIA Tegra GPUs are not vulnerable.
The following table shows the first NVIDIA UNIX GPU Drivers that contain
the security fix.
Driver Branch Version
Release 331 331.20
Release 319 319.72
Release 304 304.116
nvidia-graphics-drivers-legacy-304xx is affected as well, but is already
at the fixed version.
It is unknown whether the older legacy branches are affected.
Andreas
More information about the pkg-nvidia-devel
mailing list