Bug#800566: nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver
anbe at debian.org
Wed Sep 30 23:43:47 UTC 2015
A vulnerability has been found in the NVIDIA driver that could be used
to allow a local, non-privileged user to corrupt kernel memory. This
could be used to gain local root privileges.
A local user can issue a specially crafted IOCTL to write a 32-bit
integer value stored in the kernel driver to a user-specified memory
location, potentially in the kernel address space. The user has a
limited ability to influence the value of the integer that is written.
Exploit Scope and Risk:
This issue is present on Windows and Linux operating systems and affects
all currently supported NVIDIA driver releases and all GPUs. This issue
does not affect Android-based NVIDIA Tegra products.
Branch 1st version including the fix
More information about the pkg-nvidia-devel