From Mageia wiki
Jump to: navigation, search

MGASA-2012-0238

Date: August 23rd, 2012
Affected releases: 2


Description:
Updated nvidia driver packages fixes a security vulnerability:

NVIDIA received notification of a security exploit that uses NVIDIA UNIX
device files to map and program registers to redirect the VGA window.
Through the VGA window, the exploit can access any region of physical
system memory. This arbitrary memory access can be further exploited,
for example, to escalate user privileges. (CVE-2012-4225)

Because any user with read and write access to the NVIDIA device files
(which is needed to execute applications that use the GPU) could
potentially exploit this vulnerability to gain access to arbitrary
system memory, this vulnerability is classified as high risk by NVIDIA.

NVIDIA is resolving this problem by blocking user-space access to registers
that control redirection of the VGA window. Further, NVIDIA is also blocking
user-space access to registers that control GPU-internal microcontrollers,
which could be used to achieve a similar exploit.

This updates nvidia-current to 295.71 wich is not vulnerable, and also adds
support for more nvidia GPUs.

This update also moves libnvidia-ml.so.1 from nvidia-current-cuda-opencl
to x11-driver-video-nvidia-current as it is needed by /usr/bin/nvidia-smi

An updated ldetect-lst is also provided for automatic detection and
management for the added nvidia GPUs support.


Updated Packages:
ldetect-lst-0.1.303.1-1.mga2
ldetect-lst-devel-0.1.303.1-1.mga2
dkms-nvidia-current-295.71-1.mga2.nonfree
nvidia-current-cuda-opencl-295.71-1.mga2.nonfree
nvidia-current-devel-295.71-1.mga2.nonfree
nvidia-current-doc-html-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-desktop-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-desktop586-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-netbook-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-3.3.8-server-2.mga2-295.71-1.mga2.nonfree
nvidia-current-kernel-desktop586-latest-295.71-1.mga2.nonfree
nvidia-current-kernel-desktop-latest-295.71-1.mga2.nonfree
nvidia-current-kernel-netbook-latest-295.71-1.mga2.nonfree
nvidia-current-kernel-server-latest-295.71-1.mga2.nonfree
x11-driver-video-nvidia-current-295.71-1.mga2.nonfree


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4225
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
https://bugs.mageia.org/show_bug.cgi?id=7086

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2012-0238&oldid=10521"