NVIDIA Fixes Linux GPU Driver Security Hole

**phoronix** · 08-04-2012, 12:50 PM

Phoronix: NVIDIA Fixes Linux GPU Driver Security Hole

Days after it was publicly revealed that a security vulnerability in the NVIDIA Linux driver easily yields root system access, NVIDIA has updated their proprietary graphics driver to address this problem...

http://www.phoronix.com/vr.php?view=MTE1Mzk

**Gusar** · 08-04-2012, 02:39 PM

Cool. The blue tint in games is also fixed, at least according to the changelog, I haven't installed it yet to personally check.

**Xake** · 08-04-2012, 02:51 PM

Originally Posted by Gusar

Cool. The blue tint in games is also fixed, at least according to the changelog, I haven't installed it yet to personally check.

Confirmed, the blue tint is gone here with XBMC.

**adriankx** · 08-04-2012, 05:17 PM

i would like to see this kind of fast response for amd. I think they`ll fix 12.6 driver in like 3 months not a few days.

**ssvb** · 08-04-2012, 05:23 PM

Originally Posted by adriankx

i would like to see this kind of fast response for amd. I think they`ll fix 12.6 driver in like 3 months not a few days.

Don't forget that NVIDIA apparently did not give a shit until this security issue got publicly disclosed: "I was given this anonymously, it has been sent to nvidia over a month ago with no reply or advisory and the original author wishes to remain anonymous but would like to have the exploit published at this time, so I said I'd post it for them."

And only then they pulled their act together

**Gusar** · 08-04-2012, 05:32 PM

@ssvb: You're totally right about the security issue, but it's possible adriankx is talking about the blue tint. That one did get fixed really, really fast. Of course it's also possible that if the security thing didn't force them to release a driver right now, we wouldn't get a blue tint fix this fast

**josian_220** · 08-04-2012, 05:45 PM

Fedora users will be likely to get this version soon, I'm currently using 304.30 with stable rpmfusion repos.

**uid313** · 08-04-2012, 05:48 PM

Nvidia have known about this security vulnerability for a month without doing anything.
They were notified of this security vulnerability and totally ignored it and did absolutely nothing!

Then the guy who notified them about it, contacted David Airlie about who publically announced it and only then Nvidia decided to fix it.
How long have the driver suffered from this security vulnerability?

This could have been found by an independent security researcher years ago. This may have been used for years to attack computers.

**Gusar** · 08-04-2012, 06:03 PM

Originally Posted by uid313

How long have the driver suffered from this security vulnerability?

This could have been found by an independent security researcher years ago. This may have been used for years to attack computers.

This can be said for any vulnerability in any software, so I don't know why you're pointing it out here as something special.

**uid313** · 08-04-2012, 06:42 PM

Originally Posted by Gusar

This can be said for any vulnerability in any software, so I don't know why you're pointing it out here as something special.

Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
If this was in open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.

Thread: NVIDIA Fixes Linux GPU Driver Security Hole

Thread Tools

Search Thread

Display

NVIDIA Fixes Linux GPU Driver Security Hole

Vulnerable for years?

Posting Permissions