NVIDIA has fixed the vulnerability in its proprietary graphics driver for Unix systems that was publicly disclosed by a Linux kernel and X.org developer.
NVIDIA said it had already known about the hole for a month. To close it, the company has released driver version 304.32, along with other drivers, which it is distributing through its knowledge base.
The new driver version is available for Linux as well as FreeBSD and Solaris, because earlier versions of the drivers for these systems also suffer from the issue.
NVIDIA said the new version prevents attackers from obtaining root privileges with the technique used by the exploit that X.org developer Dave Airlie released a few days ago. The new drivers also block user-space access to certain GPU registers that an attacker could exploit in a similar way.
On its main driver page, NVIDIA continues to offer drivers that still contain the vulnerability; the company plans to close the hole in driver series 295 with a release this week.
A source code patch for driver series 195 and 256 to 304 is available for those who are unable or unwilling to update to the new version. The patch fixes the hole by changing the open source kernel module code. This module is then compiled together with a proprietary driver component to create a kernel module suitable for the user’s Linux kernel.