View Single Post
Old 04-11-12, 08:15 AM   #1
danix
NVIDIA Corporation
 
danix's Avatar
 
Join Date: Feb 2010
Location: Santa Clara, CA
Posts: 237
Default Security Vulnerability CVE-2012-0946 in the NVIDIA UNIX driver

A security vulnerability in the NVIDIA UNIX driver has been closed with the latest driver release, 295.40. Details about the vulnerability are available at: http://nvidia.custhelp.com/app/answers/detail/a_id/3109

Because the vulnerability makes it possible for attackers with read/write access to the GPU device nodes to access arbitrary system memory, NVIDIA recommends that users of the NVIDIA Linux, Solaris, and FreeBSD drivers with GeForce 8 or newer, G80 Quadro or newer, or any Tesla GPU update their drivers to version 295.40 or later.

For users of the NVIDIA Linux driver who need to continue using older drivers, a patch is available which closes the vulnerability. The patch is not necessary on 295.40 or later, which already includes the security fix. The patch, and instructions on how to apply it, are available at ftp://download.nvidia.com/XFree86/pa.../CVE-2012-0946

Users of the Linux CUDA debugger should note that an updated CUDA library is needed to maintain driver compatibility with the CUDA debugger after the security vulnerability has been closed. The 295.40 driver includes an updated CUDA library and is compatible with the CUDA debugger. The CUDA debugger will not work on an older driver which has had the security patch applied.
danix is offline