MGASA-2012-0235
| Date: | August 23rd, 2012 |
| Affected releases: | 1 |
Description:
Updated nvidia driver packages fixes a security vulnerability:
NVIDIA received notification of a security exploit that uses NVIDIA UNIX
device files to map and program registers to redirect the VGA window.
Through the VGA window, the exploit can access any region of physical
system memory. This arbitrary memory access can be further exploited,
for example, to escalate user privileges. (CVE-2012-4225)
Because any user with read and write access to the NVIDIA device files
(which is needed to execute applications that use the GPU) could
potentially exploit this vulnerability to gain access to arbitrary
system memory, this vulnerability is classified as high risk by NVIDIA.
NVIDIA is resolving this problem by blocking user-space access to registers
that control redirection of the VGA window. Further, NVIDIA is also blocking
user-space access to registers that control GPU-internal microcontrollers,
which could be used to achieve a similar exploit.
Updated Packages:
dkms-nvidia173-173.14.31-1.1.mga1.nonfree
dkms-nvidia96xx-96.43.20-1.3.mga1.nonfree
dkms-nvidia-current-275.09.07-1.2.mga1.nonfree
nvidia173-cuda-173.14.31-1.1.mga1.nonfree
nvidia173-devel-173.14.31-1.1.mga1.nonfree
nvidia173-doc-html-173.14.31-1.1.mga1.nonfree
nvidia96xx-devel-96.43.20-1.3.mga1.nonfree
nvidia96xx-doc-html-96.43.20-1.3.mga1.nonfree
nvidia-current-cuda-opencl-275.09.07-1.2.mga1.nonfree
nvidia-current-devel-275.09.07-1.2.mga1.nonfree
nvidia-current-doc-html-275.09.07-1.2.mga1.nonfree
x11-driver-video-nvidia173-173.14.31-1.1.mga1.nonfree
x11-driver-video-nvidia96xx-96.43.20-1.3.mga1.nonfree
x11-driver-video-nvidia-current-275.09.07-1.2.mga1.nonfree
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4225
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
https://bugs.mageia.org/show_bug.cgi?id=7087
