In a new Ubuntu Security Notice (USN-2814-1), Canonical announced that they have patched a security vulnerability in the Nvidia proprietary graphics drivers for all supported Ubuntu Linux operating systems.
According to Canonical, a local attacked could use the issue discovered in the Nvidia graphics drivers to run programs as root (system administrator). “It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges,” said Canonical.
Affected Nvidia binary X.Org driver packages include nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates, nvidia-graphics-drivers-346, nvidia-graphics-drivers-346-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352, and nvidia-graphics-drivers-352-updates.
The affected Ubuntu Linux operating systems include Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.04 (Vivid Vervet), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin). The problem can be fixed if users of the aforementioned Ubuntu OSes update their operating systems to the new Nvidia graphics driver package versions released by Canonical in the default software repositories of the respective distributions.
All Ubuntu users must update their Nvidia drivers now
Canonical urges all users of the supported Ubuntu distributions and their derivatives to upgrade their Nvidia graphics drivers to the new versions recommended on the Ubuntu Security Notice USN-2814-1 page (link above). To update, run the System Updater utility from the Unity Dash, wait for it to refresh the list of updated packages, and then apply all available updates.
The issue has been documented by Canonical at CVE-2015-7869, dubbed “Unsanitized User Mode Input”, which is a recommended reading because it also affects older Nvidia graphics drivers. Nvidia already published the new driver versions on its website, which include Nvidia 352.63, Nvidia 340.96, and Nvidia 304.131, all of which bring support for the recently released X.Org Server 1.18. All drivers are available for free for both 64-bit and 32-bit hardware architectures.