1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202412-20 ] NVIDIA Drivers: Privilege Escalati

    From glsamaker@gentoo.org@21:1/5 to All on Sat Dec 14 12:10:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202412-20
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: NVIDIA Drivers: Privilege Escalation
    Date: December 14, 2024
    Bugs: #942031
    ID: 202412-20

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in NVIDIA Drivers, the
    worst of which could result in privilege escalation.

    Background
    ==========

    NVIDIA Drivers are NVIDIA's accelerated graphics driver.

    Affected packages
    =================

    Package Vulnerable Unaffected
    -------------------------- ------------ ------------- x11-drivers/nvidia-drivers < 535.216.01 >= 535.216.01

    Description
    ===========

    A vulnerability has been discovered in NVIDIA Drivers. Please review the
    CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifier for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All NVIDIA Drivers 535 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.216.01:0/535"

    All NVIDIA Drivers 550 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.127.05:0/550"

    References
    ==========

    [ 1 ] CVE-2024-0126
    https://nvd.nist.gov/vuln/detail/CVE-2024-0126

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202412-20

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmddZdAACgkQFMQkOaVy +9nkpQ/+Iws6w0aPXWOyNKlJQnhgXg87Nipty1jmIi5su+OUu0iDGdeEBl4jwlHi JJ8yYn7dHm+PF2fkFxd7kmp06bj6NhQ4VBFtTqlAn3vYunz0KTJmJY+gBBkV06lH 5XX7ykzb/ZSazbpB+W3ZPfQPzINYdTzyH8R86rip2D0XpefudHE++XZwpjPboIYY ys52kOD+mF/NM1PSJb8dee4KEj1AnYtr2FPlSH8oVeCNa/lwui8CmTauczq8+qmF VUWEQWFPIDcoi+eoilmepX6mSxmhrDzG1ZoMhbr7X8hYg38VQsJHBgz8kO5Bu2o4 bLxgarSJ0kJplPkijGnxPHWhSgZdUb5UYx1pNAA1ncGvV+HKrYB4fGCNWatPs/wV 2jDVkOuk5b313oMsecf8cNhWqoXp4e9xDUEy1U0Q6+LmYmvPgcq+UetzLsRNa+lq wEBx/GbrJQvd5WdFQBHYRaXUmy0OfzWB4E+IInt7tRxvdBSbR4MnKq9ORgui3B2X Bt0Ds4nGS1bCpADL0A1ZzX6pIsre1f2ZOJi6eKGwg+TumeKCuYoO4PA3QgfKfURg aNp0Auj6u8oxhaBOrTZshZZ2hUJVewIDikMhKbgNJZ8QHn85kLlT2hLyxVIM/sxN FC8ZmNqRe/zUtQCxP//snWOF4TShmBXQq4RnxIUc/yRSHgNlZI4=
    =6rME
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)