Mageia alert MGASA-2012-0238 (NVIDIA driver)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0238: nvidia-current-295.71-1.mga2 (2/nonfree)
Date:  Thu, 23 Aug 2012 15:20:38 +0200
Message-ID:  <20120823132038.GA28839@valstar.mageia.org>

MGASA-2012-0238

Date: August 23rd, 2012
Affected releases: 2

Description:
Updated nvidia driver packages fix a security vulnerability:

NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges. (CVE-2012-4225)

Because any user with read and write access to the NVIDIA device files (which is needed to execute applications that use the GPU) could potentially exploit this vulnerability to gain access to arbitrary system memory, this vulnerability is classified as high risk by NVIDIA.

NVIDIA is resolving this problem by blocking user-space access to registers that control redirection of the VGA window. Further, NVIDIA is also blocking user-space access to registers that control GPU-internal microcontrollers, which could be used to achieve a similar exploit.

This updates nvidia-current to 295.71, which is not vulnerable, and also adds support for more nvidia GPUs.

This update also moves libnvidia-ml.so.1 from nvidia-current-cuda-opencl to x11-driver-video-nvidia-current, as it is needed by /usr/bin/nvidia-smi.

An updated ldetect-lst is also provided for automatic detection and management of the newly supported nvidia GPUs.

Updated Packages:
ldetect-lst-0.1.303.1-1.mga2
ldetect-lst-devel-0.1.303.1-1.mga2
dkms-nvidia-current-295.71-1.mga2.nonfree
nvidia-current-cuda-opencl-295.71-1.mga2.nonfree
nvidia-current-devel-295.71-1.mga2.nonfree
nvidia-current-doc-html-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-desktop-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-desktop586-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-netbook-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-server-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-desktop586-latest-295.71-1.mga2.nonfree
nvidia-current-kernel-desktop-latest-295.71-1.mga2.nonfree
nvidia-current-kernel-netbook-latest-295.71-1.mga2.nonfree
nvidia-current-kernel-server-latest-295.71-1.mga2.nonfree
x11-driver-video-nvidia-current-295.71-1.mga2.nonfree

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4225
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
https://bugs.mageia.org/show_bug.cgi?id=7086
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
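
A way to check a host against this advisory, added here as an example and not part of the Mageia announcement: it flags nvidia-current packages older than 295.71 and lists NVIDIA device nodes that every local user can open read/write. The function names and the sample package list are constructed for illustration, and treating every older nvidia-current build as unfixed is an assumption.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumption: any nvidia-current build
# older than 295.71 is unfixed (the advisory only says 295.71 is not vulnerable).
FIXED_VERSION="295.71"

# version_lt A B: succeeds when A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_packages: reads "NAME VERSION" lines on stdin, as printed by
#   rpm -qa --qf '%{NAME} %{VERSION}\n'
# and prints the driver packages that still need the update.
audit_packages() {
    while read -r name version; do
        case "$name" in
            *nvidia-current*)
                if version_lt "$version" "$FIXED_VERSION"; then
                    echo "OUTDATED $name $version"
                fi ;;
        esac
    done
}

# world_accessible_nodes: prints NVIDIA device nodes whose mode grants
# read+write to "other", the access the advisory describes.
# POSIX ACLs and group membership are not examined here.
world_accessible_nodes() {
    for node in /dev/nvidia*; do
        [ -e "$node" ] || continue
        mode=$(stat -c '%a' "$node")
        case "$mode" in *[67]) echo "$node $mode" ;; esac
    done
}

# Constructed sample input standing in for real rpm output.
sample_rpm_output() {
cat <<'EOF'
dkms-nvidia-current 295.49
x11-driver-video-nvidia-current 295.71
nvidia-current-kernel-desktop-latest 295.49
ldetect-lst 0.1.303
EOF
}

sample_rpm_output | audit_packages
world_accessible_nodes
```

On a real Mageia 2 system, replace the sample with the rpm query shown in the comment. An empty result from audit_packages means every installed nvidia-current package is at 295.71 or later.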


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds