0 Members and 1 Guest are viewing this topic.
NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges.Because any user with read and write access to the NVIDIA device files (which is needed to execute applications that use the GPU) could potentially exploit this vulnerability to gain access to arbitrary system memory, this vulnerability is classified as high risk by NVIDIA.NVIDIA is resolving this problem by blocking user-space access to registers that control redirection of the VGA window. Further, NVIDIA is also blocking user-space access to registers that control GPU-internal microcontrollers, which could be used to achieve a similar exploit.NVIDIA is committed to security and is working on more robust solutions to prevent malicious manipulations of GPUs.NVIDIA has released an updated UNIX graphics driver 304.32 which contains the fix.
======== Release 304 Entries ======== * Fixed a bug that caused applications that use DirectColor visuals, such as Enemy Territory: Quake Wars and Braid, to appear in shades of blue instead of the correct colors. * Modified handling of RRSetScreenSize requests to ignore requests that do not actually resize the screen. This reduces screen flicker in certain cases when using GNOME. * Added a new option, "--disable-nouveau" to nvidia-installer. This option changes the action that is chosen by default when Nouveau is detected by nvidia-installer. If the "--disable-nouveau" option is set, then the default will be to attempt to disable Nouveau when it is detected; otherwise, no attempt will be made unless requested.