Bug 7087 - Update request: nvidia173/-96xx/-current, CVE-2012-4225
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 1
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: mga1-64-OK mga1-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-08-16 23:34 CEST by Thomas Backlund
Modified: 2012-08-23 10:22 CEST

See Also:
Source RPM: nvidia-current
CVE:
Status comment:


Attachments
nvidia drivers upgrade log (3.83 KB, text/x-log)
2012-08-16 23:50 CEST, Samuel Verschelde

Description Thomas Backlund 2012-08-16 23:34:43 CEST
There are now new nvidia* drivers to validate.


Advisory:
NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges. (CVE-2012-4225)

Because any user with read and write access to the NVIDIA device files (which is needed to execute applications that use the GPU) could potentially exploit this vulnerability to gain access to arbitrary system memory, this vulnerability is classified as high risk by NVIDIA.

NVIDIA is resolving this problem by blocking user-space access to registers that control redirection of the VGA window. Further, NVIDIA is also blocking user-space access to registers that control GPU-internal microcontrollers, which could be used to achieve a similar exploit.

This update provides packages that are not vulnerable.


RPMS:
dkms-nvidia173-173.14.31-1.1.mga1.nonfree
dkms-nvidia96xx-96.43.20-1.3.mga1.nonfree
dkms-nvidia-current-275.09.07-1.2.mga1.nonfree
nvidia173-cuda-173.14.31-1.1.mga1.nonfree
nvidia173-devel-173.14.31-1.1.mga1.nonfree
nvidia173-doc-html-173.14.31-1.1.mga1.nonfree
nvidia96xx-devel-96.43.20-1.3.mga1.nonfree
nvidia96xx-doc-html-96.43.20-1.3.mga1.nonfree
nvidia-current-cuda-opencl-275.09.07-1.2.mga1.nonfree
nvidia-current-devel-275.09.07-1.2.mga1.nonfree
nvidia-current-doc-html-275.09.07-1.2.mga1.nonfree
x11-driver-video-nvidia173-173.14.31-1.1.mga1.nonfree
x11-driver-video-nvidia96xx-96.43.20-1.3.mga1.nonfree
x11-driver-video-nvidia-current-275.09.07-1.2.mga1.nonfree


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4225
http://nvidia.custhelp.com/app/answers/detail/a_id/3140


from SRPMS:
nvidia173-173.14.31-1.1.mga1.nonfree.src.rpm
nvidia-96xx-96.43.20-1.3.mga1.nonfree.src.rpm
nvidia-current-275.09.07-1.2.mga1.nonfree.src.rpm
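
An added example, not part of the original bug report: a shell check that flags installed nvidia packages older than the fixed builds listed under RPMS above. The package inventory is constructed sample data, the function names are hypothetical, and GNU `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed version-release per driver family, taken from the RPMS list in this report.
fixed_evr() {
    case "$1" in
        *nvidia173*)      echo "173.14.31-1.1.mga1.nonfree" ;;
        *nvidia96xx*)     echo "96.43.20-1.3.mga1.nonfree" ;;
        *nvidia-current*) echo "275.09.07-1.2.mga1.nonfree" ;;
        *)                return 1 ;;   # not an nvidia driver package
    esac
}

# True when $1 >= $2. Assumption: GNU `sort -V` ordering is close enough to
# RPM's comparison for these plain numeric version-release strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin and prints one line for every
# nvidia package that is older than the fixed build for its family.
check_packages() {
    while read -r name evr; do
        want=$(fixed_evr "$name") || continue
        ver_ge "$evr" "$want" || echo "VULNERABLE $name $evr (need >= $want)"
    done
}

# Constructed sample inventory (not output from a real system). On a live host
# the same format comes from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' '*nvidia*'
sample_inventory() {
    cat <<'EOF'
x11-driver-video-nvidia-current 275.09.07-1.1.mga1.nonfree
dkms-nvidia-current 275.09.07-1.2.mga1.nonfree
dkms-nvidia173 173.14.31-1.1.mga1.nonfree
x11-driver-video-nvidia96xx 96.43.19-1.mga1.nonfree
bash 4.2-1.mga1
EOF
}

sample_inventory | check_packages
```
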
Thomas Backlund 2012-08-16 23:35:34 CEST

Status: NEW => ASSIGNED
Blocks: 6914 => (none)
Depends on: 7086 => (none)
Assignee: bugsquad => qa-bugs
Source RPM: nvidia-current-295.71-1.mga2 => nvidia-current

Samuel Verschelde 2012-08-16 23:45:54 CEST

CC: (none) => stormi
Severity: normal => major

Comment 1 Samuel Verschelde 2012-08-16 23:50:36 CEST
Created attachment 2650
nvidia drivers upgrade log

I got error messages during upgrade, don't know if they are important. Thomas, can you check?
Comment 2 Samuel Verschelde 2012-08-17 09:24:40 CEST
Apart from the error messages above, the nvidia-current driver seems to work fine here.
Comment 3 Samuel Verschelde 2012-08-17 09:41:21 CEST
Previous message was about i586. On same hardware, works well on x86_64 too. I didn't get the error message during upgrade. Maybe this error message was due to my i586 system having 2 different versions of dkms-nvidia-current installed at the same time, I don't know why.
Comment 4 claire robinson 2012-08-22 09:58:44 CEST
Testing Mageia 1 x86_64
Comment 5 claire robinson 2012-08-22 10:47:40 CEST
Confirmed CVE closed. All seems OK.

I didn't see the error messages Samuel had.

Testing complete x86_64

Whiteboard: (none) => mga1-64-OK

Comment 6 claire robinson 2012-08-22 12:44:18 CEST
Installed all 3 into a VM i586 so only able to test they build OK but there were no issues so I think we can validate this one.

See comment 0 for advisory and srpms

Could sysadmin please push from nonfree/updates_testing to nonfree/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: mga1-64-OK => mga1-64-OK mga1-32-OK

Comment 7 Thomas Backlund 2012-08-23 10:22:43 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0235

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

