Security vulnerability in NVIDIA's proprietary Linux drivers fixed
A new version of NVIDIA's proprietary UNIX graphics drivers for Linux, Solaris and FreeBSD fixes a security vulnerability (CVE-2012-0946) that allowed attackers to read and write arbitrary system memory in order to, for example, obtain root privileges. To take advantage of the vulnerability, an attacker must have access permission for some device files – which, for systems with these drivers, is typically the case for users who can launch a graphical interface as 3D acceleration and some other features cannot be used otherwise.
Version 295.40 of the driver corrects this problem; for older drivers whose version numbers start with 195, 256 to 285, or 290 to 295, NVIDIA has made patches available that change the vulnerable part of the kernel module belonging to the driver. Users who update the driver with this patch and use the CUDA debugger will also need to update the CUDA library before the debugger can work again.
NVIDIA has categorised the security hole as "high risk" and recommends that users update to the new version if they use the drivers with GeForce 8, G80 Quadro graphics cards, or newer models from those lines. The company has not confirmed whether the problem also exists for older graphics card models or legacy drivers (such as the 173 line).