[Full-disclosure] nvidia linux binary driver priv escalation exploit

Simon L. B. Nielsen simon at qxnitro.org
Fri Aug 10 14:35:35 UTC 2012


On Wed, Aug 8, 2012 at 1:38 PM, Wesley Shields <wxs at freebsd.org> wrote:
> On Wed, Aug 08, 2012 at 10:34:06AM +0000, Alexey Dokuchaev wrote:
>> On Mon, Aug 06, 2012 at 01:49:50PM +0200, Rainer Hurling wrote:
>> > Am 06.08.2012 10:03 (UTC+1) schrieb Doug Barton:
>> > >On 08/01/2012 05:09, Oliver Pinter wrote:
>> > >>I found this today on FD:
>> > >>
>> > >>http://seclists.org/fulldisclosure/2012/Aug/4
>> > >
>> > >Apparently this affects us as well. Any news?
>> >
>> > Thanks for the info. I had been not aware of it before.
>> >
>> > NVidia has released a driver version 304.32 for FreeBSD i386 and amd64,
>> > which should remedy these security issues.
>>
>> Luckily, they've released version 295.71 which is on Long Lived Branch.  I
>> will update the port shortly.
>
> Thank you!
>
>> VuXML entry will have to follow separately, as it is unclear whether new CVE
>> number will be assigned or not.
>
> You can do the VuXML without a CVE for now and update it when/if one is
> assigned.

Eh, why wouldn't a CVE name not be assigned? If none is we should ask
MITRE to assign one, but it would surprise me if NVIDIA or a Linux
vendor hasn't done this already.

-- 
Simon L. B. Nielsen


More information about the freebsd-ports mailing list