Re: CVE Request: NVidia Linux driver

On Wed, 2012-08-01 at 15:13 +0200, Petr Matousek wrote:
> Hi Marc,
> 
> On Wed, Aug 01, 2012 at 08:58:16AM -0400, Marc Deslauriers wrote:
> > Hello,
> > 
> > Could a CVE please be assigned to the following issue:
> > 
> > The binary NVidia Linux driver allows local users to access arbitrary
> > memory locations by leveraging GPU device-node read/write privileges,
> > and escalate privileges to root. Possibly an incomplete fix for
> > CVE-2012-0946.
> > 
> > See:
> > 
> > http://seclists.org/fulldisclosure/2012/Aug/4
> 
> did you test that the exploit works on NVIDIA driver that should contain
> the CVE-2012-0946 fix?

Yes, I have successfully tested it on 295.40.

Marc.