Graphics chip maker Nvidia released a new version of its Unix driver on Friday in order to address a high-risk vulnerability that can be exploited by local users to gain root privileges on Linux systems.
The privilege escalation vulnerability fixed in the new 304.32 version of the Nvidia Unix driver 304.32 was publicly disclosed last Wednesday by Dave Airlie, a principal engineer in the graphics team at Linux vendor Red Hat.
The public disclosure was done at the request of an anonymous researcher who originally discovered the flaw and after Nvidia failed to respond to a private report about the vulnerability, Airlie said in an email sent to the Full Disclosure mailing list.
Airlie’s message also included proof-of-concept exploit code created by the anonymous researcher to demonstrate the vulnerability.
- Nvidia releases new Unix driver to fix high-risk privilege escalation vulnerability (techworld.com.au)
- Nvidia releases Unix driver to fix high-risk vulnerability (infoworld.com)
- NVIDIA closes hole in proprietary Unix driver (h-online.com)
- Nvidia releases new Unix driver to fix high-risk privilege escalation vulnerability (pcadvisor.co.uk)
- NVIDIA Driver Bug Grants Arbitrary Root Access to Local Users (hotforsecurity.com)