Security issue in NVIDIA UNIX device files to map and program registers to redirect the VGA window
Bug #1033452 reported by Alberto Milone
This bug affects 9 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
nvidia-graphics-drivers (Ubuntu) | Fix Released | Critical | Alberto Milone | |
Lucid | Fix Released | Undecided | Marc Deslauriers | |
Natty | Fix Released | Undecided | Marc Deslauriers | |
Oneiric | Fix Released | Undecided | Marc Deslauriers | |
Precise | Fix Released | Critical | Marc Deslauriers | |
Quantal | Fix Released | Critical | Alberto Milone | |
nvidia-graphics-drivers-updates (Ubuntu) | Fix Released | Critical | Alberto Milone | |
Lucid | Fix Released | Undecided | Marc Deslauriers | |
Natty | Fix Released | Undecided | Marc Deslauriers | |
Oneiric | Fix Released | Undecided | Marc Deslauriers | |
Precise | Fix Released | Critical | Marc Deslauriers | |
Quantal | Fix Released | Critical | Alberto Milone | |
Bug Description
NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges.
Here is the email by Dave Airlie on the issue:
http://
Nvidia's announcement:
http://
Changed in nvidia-graphics-drivers (Ubuntu Precise):
status: New → In Progress
Changed in nvidia-graphics-drivers-updates (Ubuntu):
status: New → In Progress
Changed in nvidia-graphics-drivers-updates (Ubuntu Precise):
status: New → In Progress
Changed in nvidia-graphics-drivers (Ubuntu Precise):
importance: Undecided → Critical
Changed in nvidia-graphics-drivers-updates (Ubuntu):
importance: Undecided → Critical
Changed in nvidia-graphics-drivers-updates (Ubuntu Precise):
importance: Undecided → Critical
Changed in nvidia-graphics-drivers (Ubuntu Precise):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-updates (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-updates (Ubuntu Precise):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nvidia-graphics-drivers (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → In Progress
Changed in nvidia-graphics-drivers (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → In Progress
Changed in nvidia-graphics-drivers (Ubuntu Precise):
assignee: Alberto Milone (albertomilone) → Marc Deslauriers (mdeslaur)
Changed in nvidia-graphics-drivers-updates (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → In Progress
Changed in nvidia-graphics-drivers-updates (Ubuntu Natty):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → In Progress
Changed in nvidia-graphics-drivers-updates (Ubuntu Oneiric):
assignee: nobody → Marc Deslauriers (mdeslaur)
status: New → In Progress
Changed in nvidia-graphics-drivers-updates (Ubuntu Precise):
assignee: Alberto Milone (albertomilone) → Marc Deslauriers (mdeslaur)
security vulnerability: no → yes
Changed in nvidia-graphics-drivers (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers (Ubuntu Natty):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers (Ubuntu Oneiric):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers (Ubuntu Precise):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers-updates (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers-updates (Ubuntu Natty):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers-updates (Ubuntu Oneiric):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers-updates (Ubuntu Precise):
status: In Progress → Fix Released
This bug was fixed in the package nvidia-graphics-drivers-updates - 304.32-0ubuntu1
---------------
nvidia-graphics-drivers-updates (304.32-0ubuntu1) quantal; urgency=low
* debian/control.in, debian/rules:
- Switch from cdbs to debhelper.
* New upstream release:
- Fixed security issue that allowed an exploit to
use NVIDIA UNIX device files to map and program
registers to redirect the VGA window. Through the
VGA window, the exploit could access any region of
physical system memory. This arbitrary memory
access could then be further exploited, for
example, to escalate user privileges (LP: #1033452).
- Added support for xserver ABI 13 (xorg-server 1.13).
- Fixed a bug that caused RRSetOutputPrimary requests
to incorrectly generate BadValue errors when
setting the primary output to None. This caused
gnome-settings-daemon to crash after changing the
screen configuration in response to a display
hotplug or the display change hot-key being pressed.
- Fixed a problem where RENDER Glyphs operations
would exhibit severe performance issues in certain
cases, such as when used with gradients by Cairo
and Chromium.
- Fixed a bug that caused X to hang when resuming
certain DisplayPort display devices (such as Apple
brand mini-DisplayPort to dual-link DVI adapters)
from power-saving mode.
- Added support for the following GPU: Tesla K10
- Fixed a bug that caused an X screen to be extended
to Quadro SDI Output devices by default. An X
screen will still use an SDI Output device if it
is the only display device available. To use a SDI
Output device on an X screen with other display
devices available, include the SDI Output device
with either the "UseDisplayDevice" or "MetaMode"
X configuration options.
- Updated X11 modeline validation such that modes
not defined in a display device's EDID are
discarded if the EDID 1.3 "GTF Supported" flag is
unset or if the EDID 1.4 "Continuous Frequency"
flag is unset. The new "AllowNonEdidModes" token
for the ModeValidation X configuration option can
be used to disable this new check.
- Fixed a bug, introduced in the 295.xx release
series, with EDID detection on some laptop
internal panels. This bug caused the laptop
internal panel to show six small copies of the
desktop.
- Added support for FXAA, Fast Approximate
Anti-Aliasing.
-- Alberto Milone <email address hidden> Mon, 06 Aug 2012 12:04:20 +0200