The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this advisory.
http://download2.rapid7.com/r7-0025/
UPDATE: Oct 23/06 A fix has been released.