Bug#735271: nvidia-graphics-drivers: CVE-2013-5987 - Unprivileged GPU access vulnerability

Andreas Beckmann anbe at debian.org
Tue Jan 14 10:25:06 UTC 2014

Source: nvidia-graphics-drivers
Severity: serious
Tags: security
Control: fixed -1 319.72-1,331.20-1

Quoting from


Vulnerability Description:
An NVIDIA graphics driver bug allows unprivileged user-mode software to
access the GPU inappropriately. An attacker who successfully exploited
this vulnerability could take control of an affected system.

Exploit Scope and Risk:
To take advantage of this vulnerability, an attacker would need to run
specially crafted software locally on the target computer. Expert
knowledge of system and NVIDIA GPU programming would be required to
create such an exploit. NVIDIA is not aware of the existence of any
actual exploits that leverage this vulnerability.  

This issue could potentially affect all supported PC OS platforms and
form factors. NVIDIA Tegra GPUs are not vulnerable.

The following table shows the first NVIDIA UNIX GPU Drivers that contain
the security fix.

Driver Branch 	 Version
Release 331 	 331.20
Release 319 	 319.72
Release 304 	 304.116

nvidia-graphics-drivers-legacy-304xx is affected as well, but is already
at the fixed version.
It is unknown whether the older legacy branches are affected.


More information about the pkg-nvidia-devel mailing list