Bug 493448 (CVE-2013-5987) - <x11-drivers/nvidia-drivers-{304.116,319.76,331.20} : GPU Access Privilege Escalation Vulnerability (CVE-2013-{5986,5987})
Status: RESOLVED FIXED
Alias: CVE-2013-5987
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://secunia.com/advisories/55904/
Whiteboard: B1 [glsa]
Duplicates: 494296
Reported: 2013-12-06 15:29 UTC by Agostino Sarubbo
Modified: 2014-10-09 17:57 UTC
Description Agostino Sarubbo gentoo-dev 2013-12-06 15:29:47 UTC
From ${URL} :

Description

A vulnerability has been reported in NVIDIA Graphics Drivers, which can be exploited by malicious, local 
users to gain escalated privileges.

The vulnerability is caused due to the driver allowing unprivileged user-mode software to access the GPU 
and can be exploited to gain additional privileges.

Please see the vendor's advisory for a list of affected versions.


Solution:
Update to a fixed version. Please see the vendor's advisory for more details.

Provided and/or discovered by:
The vendor credits Marcin Koscielnicki, the X.Org Foundation Nouveau project.

Original Advisory:
NVIDIA:
http://nvidia.custhelp.com/app/answers/detail/a_id/3377


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-08 17:09:17 UTC
Driver   Branch  Version  ${PV}
Release  331     331.20   331.20
Release  319     319.72   319.76
Release  304     304.116  304.116

These are all in the tree and stable already. It's unclear whether the 17* branch and 96 branch are affected, so I don't know what to remove as yet.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2013-12-10 04:40:12 UTC
Since the versions are stable, if you can remove the vulnerable versions in:

Branch: 319 (319.49 & 319.60)

It would at least remove the vulnerability from the current builds, until you are sure of the other branches.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-10 12:13:40 UTC
(In reply to Yury German from comment #2)
> Since the versions are stable, if you can remove the vulnerable versions in:
> 
> Branch: 319 (319.49 & 319.60)
> 
> It would at least remove the vulnerability from the current builds, until
> you are sure of the other branches.

That didn't help much...
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2013-12-13 01:10:15 UTC
Looking at this further, I do not think the Linux versions outside the ones mentioned are vulnerable. Just in case, I opened up a support case with Nvidia and have been escalated to the Linux team.

In the meantime, if we proceed with the clean-up of the known vulnerable versions we will minimize exposure to the vulnerability for known affected branches.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2013-12-14 03:57:25 UTC
Here is the reply from the Linux team at NVIDIA:

"The security concern does not affect the legacy branches 173* or 96*. In addition, since 325* was a "short lived" branch, we did not issue a security patch for that branch to nvidia.com. It is our advisement that anyone currently with R310 or R325 based drivers move to latest R331 drivers."

So with that advice, can we clean up the following versions?
325.15, 319.60, 319.49
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2013-12-14 03:57:46 UTC
GLSA Request Filed
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-14 14:30:02 UTC
(In reply to Yury German from comment #5)
> Here is the reply from the Linux team at NVIDIA:
> 
> "The security concern does not affect the legacy branches 173* or 96*. In
> addition, since 325* was a "short lived" branch, we did not issue a security
> patch for that branch to nvidia.com. It is our advisement that anyone
> currently with R310 or R325 based drivers move to latest R331 drivers."

As several open bug reports will tell you, 325.15 is the only (recent) driver that doesn't cause zombie processes for some people.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2013-12-14 15:13:47 UTC
Well then we need to figure out what to do, as NVIDIA is not updating it as you see by the note.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-14 15:36:50 UTC
(In reply to Yury German from comment #8)

Comment #7's addition of the See Also's should have brought everybody up to date. People seem very reluctant to put in the actual work to find the cause of the problem (other than frivolously up and downgrading nvidia-drivers) and Nvidia's having great trouble reproducing the issue.

Anyway, 325.* is gone so all versions currently in the tree are either unaffected or fixed.
Comment 10 Sergey Popov gentoo-dev 2013-12-15 09:53:59 UTC
Cleanup was done, thanks to Jeroen
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-16 01:24:36 UTC
*** Bug 494296 has been marked as a duplicate of this bug. ***
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2013-12-16 04:26:14 UTC
(In reply to Jeroen Roovers from comment #9)
> (In reply to Yury German from comment #8)
> 
> Comment #7's addition of the See Also's should have brought everybody up to
> date. People seem very reluctant to put in the actual work to find the cause
> of the problem (other than frivolously up and downgrading nvidia-drivers)
> and Nvidia's having great trouble reproducing the issue.
> 
> Anyway, 325.* is gone so all versions currently in the tree are either
> unaffected or fixed.

Thank you for your work on this.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 11:29:21 UTC
CVE-2013-5987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5987):
  Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319,
  310, and 304 allows local users to bypass intended access restrictions for
  the GPU and gain privileges via unknown vectors.

CVE-2013-5986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5986):
  Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319,
  310, and 304 has unknown impact and attack vectors, a different
  vulnerability than CVE-2013-5987.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-02-02 18:19:56 UTC
This issue was resolved and addressed in
 GLSA 201402-02 at http://security.gentoo.org/glsa/glsa-201402-02.xml
by GLSA coordinator Sergey Popov (pinkbyte).
Comment 15 Navar 2014-10-09 17:57:44 UTC
glsa-check is still showing x86 systems with x11-drivers/nvidia-drivers-304.123 as affected with no upgrade path.