There is now new nvidia* drivers to validate Advisory: NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges. (CVE-2012-4225) Because any user with read and write access to the NVIDIA device files (which is needed to execute applications that use the GPU) could potentially exploit this vulnerability to gain access to arbitrary system memory, this vulnerability is classified as high risk by NVIDIA. NVIDIA is resolving this problem by blocking user-space access to registers that control redirection of the VGA window. Further, NVIDIA is also blocking user-space access to registers that control GPU-internal microcontrollers, which could be used to achieve a similar exploit. This update provides packages that are not vulnerable. RPMS: dkms-nvidia173-173.14.31-1.1.mga1.nonfree dkms-nvidia96xx-96.43.20-1.3.mga1.nonfree dkms-nvidia-current-275.09.07-1.2.mga1.nonfree nvidia173-cuda-173.14.31-1.1.mga1.nonfree nvidia173-devel-173.14.31-1.1.mga1.nonfree nvidia173-doc-html-173.14.31-1.1.mga1.nonfree nvidia96xx-devel-96.43.20-1.3.mga1.nonfree nvidia96xx-doc-html-96.43.20-1.3.mga1.nonfree nvidia-current-cuda-opencl-275.09.07-1.2.mga1.nonfree nvidia-current-devel-275.09.07-1.2.mga1.nonfree nvidia-current-doc-html-275.09.07-1.2.mga1.nonfree x11-driver-video-nvidia173-173.14.31-1.1.mga1.nonfree x11-driver-video-nvidia96xx-96.43.20-1.3.mga1.nonfree x11-driver-video-nvidia-current-275.09.07-1.2.mga1.nonfree References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4225 http://nvidia.custhelp.com/app/answers/detail/a_id/3140 from SRPMS: nvidia173-173.14.31-1.1.mga1.nonfree.src.rpm nvidia-96xx-96.43.20-1.3.mga1.nonfree.src.rpm nvidia-current-275.09.07-1.2.mga1.nonfree.src.rpm
Status: NEW => ASSIGNEDBlocks: 6914 => (none)Depends on: 7086 => (none)Assignee: bugsquad => qa-bugsSource RPM: nvidia-current-295.71-1.mga2 => nvidia-current
CC: (none) => stormiSeverity: normal => major
Created attachment 2650 [details] nvidia drivers upgrade log I got error messages during upgrade, don't know if they are important. Thomas, can you check?
Apart from the error messages above, the nvidia-current driver seems to work fine here.
Previous message was about i586. On same hardware, works well on x86_64 too. I didn't get the error message during upgrade. Maybe this error message was due to my i586 system having 2 different versions of dkms-nvidia-current installed at the same time, I don't know why.
Testing Mageia 1 x86_64
Confirmed CVE closed. Al seems Ok. I didn't see the error messages Samuel had. Testing complete x86_64
Whiteboard: (none) => mga1-64-OK
Installed all 3 into a VM i586 so only able to test they build OK but there were no issues so I think we can validate this one. See comment 0 for advisory and srpms Could sysadmin please push from nonfree/updates_testing to nonfree/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: mga1-64-OK => mga1-64-OK mga1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0235
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED