Your one-stop web resource providing safety and security information to manufacturers

NVIDIA fixed the vulnerability in its proprietary graphics driver for Unix systems that ended up publicly disclosed by a Linux kernel and developer.

On the other hand, NVIDIA said it had already known about the hole for a month. To close it, the company has, along with other drivers, released driver version 304.32, which NVIDIA’s knowledge base is deploying.

Nvidia Hole Found; Disclosure Questions
Framework for Reporting ICS Vulnerabilities
Hacking Victims Still Remain Silent
Amnesty for CA Violations

The new driver version is available for Linux as well as FreeBSD and Solaris, because earlier versions of the drivers for these systems also suffer from the issue.

NVIDIA said the new version prevents attackers from using the same trickery to obtain root privileges used by the exploit developer Dave Airlie released a few days ago. The new drivers also block user-space access to certain GPU registers which an attacker could compromise in a similar way.

Schneider Bold

On its main driver page, NVIDIA continues to offer drivers that still contain the vulnerability; the company plans to close the hole in driver series 295, which will release this week.

A source code patch for driver series 195, and 256 to 304, is available for those who are unable or unwilling to update to the new version. The patch fixes the hole by applying changes to the open source kernel module code. Together with a proprietary driver component, this module then compiles to create a kernel module suitable for the user’s Linux kernel.

Pin It on Pinterest

Share This