Bug 7087

Summary: Update request: nvidia173/-96xx/-current, CVE-2012-4225
Product: Mageia
Reporter: Thomas Backlund <tmb>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: major
Priority: Normal
CC: stormi-mageia, sysadmin-bugs
Version: 1
Keywords: validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: mga1-64-OK mga1-32-OK
Source RPM: nvidia-current
CVE:
Status comment:
Attachments: nvidia drivers upgrade log

Description Thomas Backlund 2012-08-16 23:34:43 CEST
There are now new nvidia* drivers to validate


Advisory:
NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges. (CVE-2012-4225)

Because any user with read and write access to the NVIDIA device files (which is needed to execute applications that use the GPU) could potentially exploit this vulnerability to gain access to arbitrary system memory, this vulnerability is classified as high risk by NVIDIA.

NVIDIA is resolving this problem by blocking user-space access to registers that control redirection of the VGA window. Further, NVIDIA is also blocking user-space access to registers that control GPU-internal microcontrollers, which could be used to achieve a similar exploit.

This update provides packages that are not vulnerable.


RPMS:
dkms-nvidia173-173.14.31-1.1.mga1.nonfree
dkms-nvidia96xx-96.43.20-1.3.mga1.nonfree
dkms-nvidia-current-275.09.07-1.2.mga1.nonfree
nvidia173-cuda-173.14.31-1.1.mga1.nonfree
nvidia173-devel-173.14.31-1.1.mga1.nonfree
nvidia173-doc-html-173.14.31-1.1.mga1.nonfree
nvidia96xx-devel-96.43.20-1.3.mga1.nonfree
nvidia96xx-doc-html-96.43.20-1.3.mga1.nonfree
nvidia-current-cuda-opencl-275.09.07-1.2.mga1.nonfree
nvidia-current-devel-275.09.07-1.2.mga1.nonfree
nvidia-current-doc-html-275.09.07-1.2.mga1.nonfree
x11-driver-video-nvidia173-173.14.31-1.1.mga1.nonfree
x11-driver-video-nvidia96xx-96.43.20-1.3.mga1.nonfree
x11-driver-video-nvidia-current-275.09.07-1.2.mga1.nonfree


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4225
http://nvidia.custhelp.com/app/answers/detail/a_id/3140


from SRPMS:
nvidia173-173.14.31-1.1.mga1.nonfree.src.rpm
nvidia-96xx-96.43.20-1.3.mga1.nonfree.src.rpm
nvidia-current-275.09.07-1.2.mga1.nonfree.src.rpm
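
The advisory ties exposure to read and write access on the NVIDIA device files. The following is an added example, not part of the original report or of the Mageia or NVIDIA tooling, that lists which local accounts hold that access until the fixed packages are installed. It assumes the device nodes match `/dev/nvidia*` (the page does not name the paths) and looks at mode bits only, not ACLs.

```python
import glob
import grp
import os
import pwd
import stat

# Assumption: the NVIDIA UNIX driver exposes its device nodes as /dev/nvidia*
# (for example /dev/nvidiactl and /dev/nvidia0); the page does not list paths.
DEVICE_GLOB = "/dev/nvidia*"

def _name(lookup, ident, field):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return str(ident)

def audit_node(path):
    """Report who can open `path` read-write, judged from mode bits only."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    rw = lambda r, w: bool(mode & r) and bool(mode & w)
    return {
        "path": path,
        "mode": format(mode, "04o"),
        "is_char_device": stat.S_ISCHR(st.st_mode),
        "owner": _name(pwd.getpwuid, st.st_uid, "pw_name"),
        "group": _name(grp.getgrgid, st.st_gid, "gr_name"),
        "owner_rw": rw(stat.S_IRUSR, stat.S_IWUSR),
        "group_rw": rw(stat.S_IRGRP, stat.S_IWGRP),
        "world_rw": rw(stat.S_IROTH, stat.S_IWOTH),
    }

def exposure(report):
    """Widest set of accounts granted read-write access by the mode bits."""
    if report["world_rw"]:
        return "every local user"
    if report["group_rw"]:
        return "members of group " + report["group"]
    if report["owner_rw"]:
        return "user " + report["owner"]
    return "root only (via privilege, not mode bits)"

def audit(paths=None):
    """Audit the given paths, or every node matching DEVICE_GLOB."""
    paths = sorted(glob.glob(DEVICE_GLOB)) if paths is None else paths
    return [(r["path"], r["mode"], exposure(r)) for r in map(audit_node, paths)]

if __name__ == "__main__":
    for path, mode, who in audit():
        print(f"{path}  mode={mode}  read-write for: {who}")
```
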
Thomas Backlund 2012-08-16 23:35:34 CEST

Status: NEW => ASSIGNED
Blocks: 6914 => (none)
Depends on: 7086 => (none)
Assignee: bugsquad => qa-bugs
Source RPM: nvidia-current-295.71-1.mga2 => nvidia-current

Samuel Verschelde 2012-08-16 23:45:54 CEST

CC: (none) => stormi
Severity: normal => major

Comment 1 Samuel Verschelde 2012-08-16 23:50:36 CEST
Created attachment 2650
nvidia drivers upgrade log

I got error messages during upgrade, don't know if they are important. Thomas, can you check?
Comment 2 Samuel Verschelde 2012-08-17 09:24:40 CEST
Apart from the error messages above, the nvidia-current driver seems to work fine here.
Comment 3 Samuel Verschelde 2012-08-17 09:41:21 CEST
Previous message was about i586. On same hardware, works well on x86_64 too. I didn't get the error message during upgrade. Maybe this error message was due to my i586 system having 2 different versions of dkms-nvidia-current installed at the same time, I don't know why.
Comment 4 claire robinson 2012-08-22 09:58:44 CEST
Testing Mageia 1 x86_64
Comment 5 claire robinson 2012-08-22 10:47:40 CEST
Confirmed CVE closed. All seems OK.

I didn't see the error messages Samuel had.

Testing complete x86_64

Whiteboard: (none) => mga1-64-OK

Comment 6 claire robinson 2012-08-22 12:44:18 CEST
Installed all 3 into a VM i586 so only able to test they build OK but there were no issues so I think we can validate this one.

See comment 0 for advisory and srpms

Could sysadmin please push from nonfree/updates_testing to nonfree/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: mga1-64-OK => mga1-64-OK mga1-32-OK

Comment 7 Thomas Backlund 2012-08-23 10:22:43 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0235

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED