Subject: Re: CVE Request: NVidia Linux driver
Date: Wednesday 1st August 2012 13:25:11 UTC (over 4 years ago)
On Wed, 2012-08-01 at 15:13 +0200, Petr Matousek wrote: > Hi Marc, > > On Wed, Aug 01, 2012 at 08:58:16AM -0400, Marc Deslauriers wrote: > > Hello, > > > > Could a CVE please be assigned to the following issue: > > > > The binary NVidia Linux driver allows local users to access arbitrary > > memory locations by leveraging GPU device-node read/write privileges, > > and escalate privileges to root. Possibly an incomplete fix for > > CVE-2012-0946. > > > > See: > > > > http://seclists.org/fulldisclosure/2012/Aug/4 > > did you test that the exploit works on NVIDIA driver that should contain > the CVE-2012-0946 fix? Yes, I have successfully tested it on 295.40. Marc.