| Summary: | Update request: nvidia-current-460.32.03-1.mga7.nonfree | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | fri, geiger.david68210, mageia, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | nvidia-current | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 27938, 27939 | ||
|
Description
Thomas Backlund
2021-01-11 08:41:41 CET
Raising the severity Severity:
normal =>
major OK here Mageia7 64, Plasma, kernel 5.7.19-desktop-3.mga7 GPU GM107 [GeForce GTX 750], CPU Intel i7-3770 Clean update and reboot *), no problem normal apps including video. Virtualbox client MSWin7 plays video CUDA and OPENCL recognised in BOINC (no workload to test with right now though) *) Except, as usual, the embarrasment of logout/shutdown menu not working, so I issued "reboot" as normal user in Konsole. CC:
(none) =>
fri Sidenote: Between updating and reboot I attempted to launch Falkon browser, which failed, starting from terminal it complained about OpenGL. Launches OK after reboot. Not a bug, just example rebooting is needed after some updates, as discussed now and then... (In reply to Morgan Leijström from comment #2) > *) Except, as usual, the embarrasment of logout/shutdown menu not working, > so I issued "reboot" as normal user in Konsole. In system log (# journalctl -f) you can even see this after updating graphic drivers under Plasma: janv. 08 10:26:02 mageia.local ksmserver-logout-greeter[17547]: QGLXContext: Failed to create dummy context janv. 08 10:26:03 mageia.local ksmserver-logout-greeter[17547]: Failed to create OpenGL context for format QSurfaceFormat(version 2.0, options QFlags<QSurfaceFormat::FormatOption>(ResetNotification), depthBufferSize 24, redBufferSize -1, greenBufferSize -1, blueBufferSize -1, alphaBufferSize 8, stencilBufferSize 8, samples -1, swapBehavior QSurfaceFormat::DoubleBuffer, swapInterval 1, colorSpace QSurfaceFormat::DefaultColorSpace, profile QSurfaceFormat::NoProfile) This is due to drivers change. Plasma/QT apps can't no longer create opengl surface because the old nvidia kernel module is still in memory. The best you can do is to reboot the computer. I do see a change in Plasma in near future. I will track it. just a note that before this is validated, the (s)rpms will be moved to nonfree updates_testing, and an updated ldecect-lst package will be added too (In reply to Morgan Leijström from comment #3) > Sidenote: Between updating and reboot I attempted to launch Falkon browser, > which failed, starting from terminal it complained about OpenGL. Launches > OK after reboot. Not a bug, just example rebooting is needed after some > updates, as discussed now and then... This has been workarounded/fixed upstream in KDE Frameworks 5.78: https://bugs.kde.org/show_bug.cgi?id=346519#c94 CC'd David on this. CC:
(none) =>
geiger.david68210 OK also with Kernel 5.10.6-desktop-1.mga7 now in same machine; all tests as in comment 2 performed without any issue. :) One quirk: virtualbox-kernel-desktop-latest is 6.1.16-4; version 6.1.16-7 refuse install saying it need virtualbox-kernel-5.10.3-desktop-1.mga7 But anyhow the guest worked perfectly with video, internet, USB, shared folders. --- Nice that hickup is being fixed in KDE - thanks for the link :)
Thomas Backlund
2021-01-11 21:01:21 CET
Blocks:
(none) =>
27939
Thomas Backlund
2021-01-11 21:05:19 CET
Blocks:
(none) =>
27938 Installed and tested without issue. Tested... GPU: nVidia GT 1030 Kernels: 5.10.6-desktop-1.mga7, 5.7.19-desktop-3.mga7 DE: Plasma, LXQt Programs: glmark2, several 3D games, several steam 3D games, several WebGL sites, blender, sweethome3d, firefox, waterfox, falkon, konqueror, chromium, etc. CUDA/OpenCL: several simple programs. System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia-current proprietary driver. $ uname -a Linux marte 5.10.6-desktop-1.mga7 #1 SMP Sat Jan 9 20:09:55 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ lspcidrake | grep VGA Card:NVIDIA GeForce 635 series and later: NVIDIA Corporation|GP108 [GeForce GT 1030] [DISPLAY_VGA] (rev: a1) $ dkms status nvidia-current, 460.32.03-1.mga7.nonfree, 5.7.19-desktop-3.mga7, x86_64: installed nvidia-current, 460.32.03-1.mga7.nonfree, 5.10.6-desktop-1.mga7, x86_64: installed $ rpm -qa | egrep '^kernel' | sort kernel-desktop-5.10.6-1.mga7-1-1.mga7 kernel-desktop-5.7.19-3.mga7-1-1.mga7 kernel-desktop-devel-5.10.6-1.mga7-1-1.mga7 kernel-desktop-devel-5.7.19-3.mga7-1-1.mga7 kernel-desktop-devel-latest-5.10.6-1.mga7 kernel-desktop-latest-5.10.6-1.mga7 kernel-firmware-20190603-1.mga7 kernel-firmware-nonfree-20201118-1.mga7.nonfree kernel-userspace-headers-5.10.6-1.mga7 $ rpm -qa | grep nvidia | sort dkms-nvidia-current-460.32.03-1.mga7.nonfree nvidia-current-cuda-opencl-460.32.03-1.mga7.nonfree nvidia-current-doc-html-430.64-11.mga7.nonfree nvidia-current-utils-460.32.03-1.mga7.nonfree x11-driver-video-nvidia-current-460.32.03-1.mga7.nonfree CC:
(none) =>
mageia Suggested advisory: ======================== The updated packages fix security vulnerabilities: NVIDIA GPU Display Driver Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure (CVE‑2021‑1052). NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) IOCTL in which improper validation of a user pointer may lead to denial of service (CVE‑2021‑1053). NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure (CVE‑2021‑1056). References: - https://nvidia.custhelp.com/app/answers/detail/a_id/5142/~/security-bulletin%3A-nvidia-gpu-display-driver---january-2021 ======================== Updated packages in core/updates_testing: ======================== x86_64: dkms-nvidia-current-460.32.03-1.mga7.nonfree.x86_64.rpm nvidia-current-cuda-opencl-460.32.03-1.mga7.nonfree.x86_64.rpm nvidia-current-devel-460.32.03-1.mga7.nonfree.x86_64.rpm nvidia-current-doc-html-460.32.03-1.mga7.nonfree.x86_64.rpm nvidia-current-utils-460.32.03-1.mga7.nonfree.x86_64.rpm x11-driver-video-nvidia-current-460.32.03-1.mga7.nonfree.x86_64.rpm from SRPM nvidia-current-460.32.03-1.mga7.nonfree.src.rpm Same with a Nvidia Geforce GTX 1660 Ti and a Nvidia Geforce GTX 670 on two different machines. MGA7-64-OK Validating. This is a security update. Advisory pushed to SVN. Whiteboard:
(none) =>
MGA7-64-OK as per coment 5, I still have to fix up ldetec-lst Keywords:
advisory, validated_update =>
(none) (In reply to Thomas Backlund from comment #11) > as per coment 5, I still have to fix up ldetec-lst Yeah ;) too prompt... Keywords:
(none) =>
advisory, validated_update
Thomas Backlund
2021-01-14 14:28:48 CET
Keywords:
advisory, validated_update =>
(none) advisory updated to add the updated ldetect-lst-0.6.9.1-1.mga7 Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0029.html Resolution:
(none) =>
FIXED |