Vulnerability Description:

An NVIDIA graphics driver bug allows unprivileged user-mode software to access the GPU inappropriately. An attacker who successfully exploited this vulnerability could take control of an affected system.

Exploit Scope and Risk:

To take advantage of this vulnerability, an attacker would need to run specially crafted software locally on the target computer. Expert knowledge of system and NVIDIA GPU programming would be required to create such an exploit. NVIDIA is not aware of the existence of any actual exploits that leverage this vulnerability.



This issue could potentially affect all supported PC OS platforms and form factors. NVIDIA Tegra GPUs are not vulnerable.



Vulnerability Discovery:

NVIDIA was alerted to this issue by Marcin Kościelnicki from the X.Org Foundation Nouveau project.

Fix:

NVIDIA has taken action to fix this issue via driver updates. To eliminate this vulnerability, we strongly recommend that NVIDIA users update their systems with the latest NVIDIA drivers, which can be installed through the GeForce Experience application for Windows users, or downloaded from our driver download page.



In general, the following actions can reduce computer security risks:

• Do not interact with messages, chats, or other forms of electronic communications from unknown or untrusted senders.

• Do not install or execute untrusted software.

• Keep your operating system and installed applications fully up-to-date with all updates and security patches.

• Use anti-virus and anti-malware security software with up-to-date definitions.

• Utilize network and local firewalls.

NOTE: This disclosure also covers CVE-2013-5986.

UNIX GPU Driver Releases

The following table shows the first NVIDIA UNIX GPU Drivers that contain the security fix.

Driver Branch Version Release 331 331.20 Release 319 319.72 Release 304 304.116



