Lucene search

Gentoo FoundationGLSA-200708-14

HistoryAug 19, 2007 - 12:00 a.m.

NVIDIA drivers: Denial of service

2007-08-1900:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

Background

The NVIDIA drivers provide support for NVIDIA graphic boards.

Description

Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* with insecure file permissions.

Impact

A local attacker could send arbitrary values into the devices, possibly resulting in hardware damage on the graphic board or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All NVIDIA drivers users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"

OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-drivers/nvidia-drivers= 100.14.06UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	x11-drivers/nvidia-drivers	= 100.14.06	UNKNOWN

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

Related for GLSA-200708-14