|| ||Mageia Updates <firstname.lastname@example.org> |
|| ||email@example.com |
|| ||[updates-announce] MGASA-2012-0238: nvidia-current-295.71-1.mga2
|| ||Thu, 23 Aug 2012 15:20:38 +0200|
|| ||Article, Thread
Date: August 23rd, 2012
Affected releases: 2
Updated nvidia driver packages fixes a security vulnerability:
NVIDIA received notification of a security exploit that uses NVIDIA UNIX
device files to map and program registers to redirect the VGA window.
Through the VGA window, the exploit can access any region of physical
system memory. This arbitrary memory access can be further exploited,
for example, to escalate user privileges. (CVE-2012-4225)
Because any user with read and write access to the NVIDIA device files
(which is needed to execute applications that use the GPU) could
potentially exploit this vulnerability to gain access to arbitrary
system memory, this vulnerability is classified as high risk by NVIDIA.
NVIDIA is resolving this problem by blocking user-space access to
that control redirection of the VGA window. Further, NVIDIA is also
user-space access to registers that control GPU-internal
which could be used to achieve a similar exploit.
This updates nvidia-current to 295.71 wich is not vulnerable, and also
support for more nvidia GPUs.
This update also moves libnvidia-ml.so.1 from nvidia-current-cuda-opencl
to x11-driver-video-nvidia-current as it is needed by
An updated ldetect-lst is also provided for automatic detection and
management for the added nvidia GPUs support.
to post comments)