http://permalink.gmane.org/gmane.comp.security.full-disclosure/86747

"...it has been sent to nvidia over a month ago with no reply or advisory..."

Anyone know if the average user has anything to worry about?

I haven't tried it, but some report that it works while others say it fails amid varying hardware configs and distros. Hopefully, nvidia will step up and release a fix soon....?

Anyone know if the average user has anything to worry about?

The only plausible scenario involving an average user if is someone wants to be a nuisance to you, either because they don't like you or just for a prank. Then they could sit at your computer while you have your back turned, run it, get root and do something potentially annoying.

The bottom line is that someone has to go to your computer, login and run the thing ithout you noticing, so it has to be someone you are somewhat acquainted with.

(If you are running a SSH or some other server, it's a different story, but then you are not an "average user".)

Not necessarily, it could be a false download...
Although, it's not like servers run nvidia, only home setups would do that...
:popcorn:

login and run the thing ithout you noticing

Beware the Linux ninjas.
[rest of post erased by ninjas]

it is fixed
http://www.nvidia.com/object/linux-display-amd64-304.37-driver.html

Implemented hotfix for a privilege escalation vulnerability reported on August 1, 2012. For more details, see:
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
it is available in the x swat ppa (https://launchpad.net/~ubuntu-x-swat/+archive/x-updates/)