Posts Tagged ‘read and write arbitrary system memory’
Friday, April 13, 2012 @ 04:04 PM gHale
A new release of NVIDIA’s proprietary UNIX graphics drivers for Linux, Solaris and FreeBSD fixes a security vulnerability that allowed attackers to read and write arbitrary system memory in order to obtain root privileges.
To take advantage of the vulnerability, an attacker must have access permission for some device files, which for systems with these drivers is typically the case for users who can launch a graphical interface such as 3D acceleration.
Version 295.40 of the driver corrects this problem; for older drivers whose version numbers start with 195, 256 to 285, or 290 to 295, NVIDIA made patches available that change the vulnerable part of the kernel module belonging to the driver. Users who update the driver with this patch and use the CUDA debugger will also need to update the CUDA library before the debugger can work again.
NVIDIA has categorized the security hole as “high risk” and recommends users update to the new version if they use the drivers with GeForce 8, G80 Quadro graphics cards, or newer models from those lines. The company has not confirmed whether the problem also exists for older graphics card models or legacy drivers (such as the 173 line).