Gentoo Users: Upgrade Your NVIDIA Driver!

The Inquirer is reporting on an NVIDIA-driver-based bug that resides within the Gentoo Linux distribution. The bug is rather simple, and rather simple to fix. The driver resides under /dev as nvidia* (nvidia0, nvidia1, etc) and with some old versions of the driver, which were installed through Portage, incorrect permissions were set. Thanks to this, the driver could be exploited in a variety of ways, the harshest being changes to the GPU’s clock frequencies.

If you use Gentoo and the NVIDIA driver, it’s best to upgrade to the latest stable version in Portage with your emerge command. If you install the NVIDIA driver yourself (without Portage), it looks like you are safe, as it’s Portage at fault for setting incorrect permissions.

The file permissions mean that a hacker could alter the drivers and send arbitary code to the board itself, resulting in a software compromise or even damage to the actual Nvidia hardware, should a hacker choose to jack up your clock frequencies on the sly. Gentoo users are being urged to update to the latest version of the X11 Nvidia drivers, if they haven’t done so already, as the up to date version has the file permissions fixed.

Source: The Inquirer