Announcement

Collapse
No announcement yet.

NVIDIA Fixes Linux GPU Driver Security Hole

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • phoronix
    started a topic NVIDIA Fixes Linux GPU Driver Security Hole

    NVIDIA Fixes Linux GPU Driver Security Hole

    Phoronix: NVIDIA Fixes Linux GPU Driver Security Hole

    Days after it was publicly revealed that a security vulnerability in the NVIDIA Linux driver easily yields root system access, NVIDIA has updated their proprietary graphics driver to address this problem...

    http://www.phoronix.com/vr.php?view=MTE1Mzk

  • crazycheese
    replied
    Originally posted by Gusar View Post
    How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?

    Also, remember the Debian openssl thing? They were applying the bogus patch for almost two years, before someone discovered the issue. And that was open source software!
    Just open means everyone capable can patch, closed means only certain circle can patch. Can you follow which is easier to patch?

    Leave a comment:


  • brent
    replied
    Originally posted by airlied View Post
    So yes the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.
    Well, in any case, it was a communication problem of some sort. Nvidia does not purposely ignore critical bug reports, they're not that stupid.

    Leave a comment:


  • adriankx
    replied
    well i am not an Nvidia fan or AMD for that matter, but i run an amd laptop because i bought it cheap if i knew intel will invest so much time in their open drivers i would have waited and got an SandyBridge machine. In my opinion amd and nvidia ignore alot of bugs that are reported directly to them and pretend they didnt hear didnt happen and so on. As i said it many times i sincerely hope Intel pulls on Haswell and IGP capable of competing with AMD and Nvidia discrete cards, like that i can finally buy a fully opensource machine.

    P.S on my desktop nvidia 8400gs card worked without a problem with any distro and driver

    Leave a comment:


  • ?John?
    replied
    About damn time, you morons!

    Originally posted by Phoronix
    Days after it was publicly revealed that they blantantly ignored a critical security vulnerability for months, NVIDIA has updated their blob to address this problem.
    So I guess we should now probably be praising them by throwing huge parties on the rooftops and making everyone we know buy truckloads of their GPUs, right?
    Last edited by ?John?; 08-06-2012, 04:42 AM.

    Leave a comment:


  • airlied
    replied
    Originally posted by brent View Post
    I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.
    No a certain someone did report and did report it to the right mail alias, thinking that would inform nvidia off the problem, hey why else would you have an advertised security alias. However it seems that nobody was informed of the problem in nvidia despsite me following their advertised procedures.

    So yes the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.

    Dave.

    Leave a comment:


  • brent
    replied
    I'd say it's not unlikely that certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.

    Leave a comment:


  • uid313
    replied
    Originally posted by Gusar View Post
    How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?
    Because someone notified them of this vulnerability a month ago and they did absolutely nothing.

    So it would not be unreasonable to believe that someone else may have notified them of this (or other) issues several years ago and they have done nothing about it.

    They now have a proven track record of ignoring known vulnerabilities.

    Leave a comment:


  • Gusar
    replied
    Originally posted by uid313 View Post
    Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
    If this was in open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.
    How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?

    Also, remember the Debian openssl thing? They were applying the bogus patch for almost two years, before someone discovered the issue. And that was open source software!
    Last edited by Gusar; 08-04-2012, 08:09 PM.

    Leave a comment:


  • uid313
    replied
    Originally posted by Gusar View Post
    This can be said for any vulnerability in any software, so I don't know why you're pointing it out here as something special.
    Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
    If this was in open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.

    Leave a comment:

Working...
X