CVE-2012-4225
high
CVSS v3: —
CVSS v2: 7.2
VIR risk: 7.2
Description
NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-4225
Vendor advisory: cve@mitre.org — http://nvidia.custhelp.com/app/answers/detail/a_id/3140
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 304.37-1 |
| debian | bullseye | fixed | 304.37-1 |
| debian | forky | fixed | 304.37-1 |
| debian | sid | fixed | 304.37-1 |
| debian | trixie | fixed | 304.37-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| nvidia | unix_graphic_driver | <= 295.71 | |
| nvidia | unix_graphic_driver | <= 304.32 | |
References
- http://nvidia.custhelp.com/app/answers/detail/a_id/3140
- http://seclists.org/fulldisclosure/2012/Aug/4
- http://seclists.org/fulldisclosure/2012/Aug/76
- http://security.gentoo.org/glsa/glsa-201304-01.xml
- http://www.openwall.com/lists/oss-security/2012/08/01/1
- http://www.openwall.com/lists/oss-security/2012/08/08/4
- https://security-tracker.debian.org/tracker/CVE-2012-4225
CWEs
CWE-264