NVIDIA UNIX Graphics Driver Vulnerability Allows Local Privilege Escalation
CVE-2012-4225

Currently unrated

Key Information:

Vendor: Nvidia
Status: Unix Graphic Driver
Vendor: CVE Published:; 19 November 2012

Summary

The NVIDIA UNIX graphics driver prior to versions 295.71 and 304.32 contains a vulnerability that allows local users to write to arbitrary physical memory locations. This is achieved through manipulation of the VGA window via the /dev/nvidia0 device file, which can potentially lead to unauthorized privilege escalation on systems using these impacted versions of the driver.

References

http://www.openwall.com/lists/oss-security/2012/08/01/1

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2012/08/08/4

mailing-listx_refsource_MLIST

http://nvidia.custhelp.com/app/answers/detail/a_id/3140

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 19, 2012
Vulnerability Reserved
Aug 8, 2012