NVIDIA Fixes Linux GPU Driver Security Hole

  • NVIDIA Fixes Linux GPU Driver Security Hole

    Phoronix: NVIDIA Fixes Linux GPU Driver Security Hole

    Days after it was publicly revealed that a security vulnerability in the NVIDIA Linux driver easily yields root system access, NVIDIA has updated their proprietary graphics driver to address this problem...

    http://www.phoronix.com/vr.php?view=MTE1Mzk

  • #2
    Cool. The blue tint in games is also fixed, at least according to the changelog, I haven't installed it yet to personally check.


    • #3
      Originally posted by Gusar
      Cool. The blue tint in games is also fixed, at least according to the changelog, I haven't installed it yet to personally check.
      Confirmed, the blue tint is gone here with XBMC.


      • #4
        I would like to see this kind of fast response for AMD. I think they'll fix 12.6 driver in like 3 months, not a few days.


        • #5
          Originally posted by adriankx
          I would like to see this kind of fast response for AMD. I think they'll fix 12.6 driver in like 3 months, not a few days.
          Don't forget that NVIDIA apparently did not give a shit until this security issue got publicly disclosed: "I was given this anonymously, it has been sent to nvidia over a month ago with no reply or advisory and the original author wishes to remain anonymous but would like to have the exploit published at this time, so I said I'd post it for them."

          And only then they pulled their act together


          • #6
            @ssvb: You're totally right about the security issue, but it's possible adriankx is talking about the blue tint. That one did get fixed really, really fast. Of course it's also possible that if the security thing didn't force them to release a driver right now, we wouldn't get a blue tint fix this fast
            Last edited by Gusar; 08-04-2012, 06:35 PM.


            • #7
              Fedora users will be likely to get this version soon, I'm currently using 304.30 with stable rpmfusion repos.


              • #8
                Vulnerable for years?

                Nvidia have known about this security vulnerability for a month without doing anything.
                They were notified of this security vulnerability and totally ignored it and did absolutely nothing!

                Then the guy who notified them about it contacted David Airlie about it, who publicly announced it, and only then Nvidia decided to fix it.
                How long has the driver suffered from this security vulnerability?

                This could have been found by an independent security researcher years ago. This may have been used for years to attack computers.


                • #9
                  Originally posted by uid313
                  How long has the driver suffered from this security vulnerability?

                  This could have been found by an independent security researcher years ago. This may have been used for years to attack computers.
                  This can be said for any vulnerability in any software, so I don't know why you're pointing it out here as something special.


                  • #10
                    Originally posted by Gusar
                    This can be said for any vulnerability in any software, so I don't know why you're pointing it out here as something special.
                    Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
                    If this was in an open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.


                    • #11
                      Originally posted by uid313
                      Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
                      If this was in an open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.
                      How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?

                      Also, remember the Debian openssl thing? They were applying the bogus patch for almost two years, before someone discovered the issue. And that was open source software!
                      Last edited by Gusar; 08-04-2012, 08:09 PM.


                      • #12
                        Originally posted by Gusar
                        How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?
                        Because someone notified them of this vulnerability a month ago and they did absolutely nothing.

                        So it would not be unreasonable to believe that someone else may have notified them of this (or other) issues several years ago and they have done nothing about it.

                        They now have a proven track record of ignoring known vulnerabilities.


                        • #13
                          I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.


                          • #14
                            Originally posted by brent
                            I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.
                            No, a certain someone did report it, and did report it to the right mail alias, thinking that would inform nvidia of the problem; hey, why else would you have an advertised security alias? However, it seems that nobody was informed of the problem in nvidia despite me following their advertised procedures.

                            So yes the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.

                            Dave.


                            • #15
                              About damn time, you morons!

                              Originally posted by Phoronix
                              Days after it was publicly revealed that they blatantly ignored a critical security vulnerability for months, NVIDIA has updated their blob to address this problem.
                              So I guess we should now probably be praising them by throwing huge parties on the rooftops and making everyone we know buy truckloads of their GPUs, right?
                              Last edited by »John«; 08-06-2012, 04:42 AM.
