Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary system memory. NVIDIA is not aware of any reports of this vulnerability, outside of the disclosure which was made privately to NVIDIA.
The default file permissions on the GPU device nodes grant read and write access to all users. The permissions are configurable, but even on systems where the device node permissions are restricted, read and write access must be granted to any users who need to run applications that perform GLX direct rendering, or use the GPU to run computations through APIs like CUDA or OpenCL. Because any user with read and write access to the GPU device nodes could potentially exploit this vulnerability to gain access to system memory that would normally be inaccessible to that user, this vulnerability has been classified as high risk by NVIDIA.
NVIDIA has identified the root cause of the vulnerability and has released updated drivers which close it. The 295.40 and newer drivers for Linux, Solaris, and FreeBSD contain the fix for this issue, and we encourage all users with Geforce 8 or newer, G80 Quadro or newer, and all Tesla GPUs to update their drivers to 295.40 or later. Additionally, a patch to the kernel interface layer of the NVIDIA Linux kernel module is available, which can be used to patch older drivers, if necessary. The patch and instructions on how to apply it are available at ftp://download.nvidia.com/XFree86/patches/security/CVE-2012-0946. Driver 295.40 and newer already have the patch applied: if it is installed, then no further action is necessary.
The Linux CUDA debugger will no longer work after applying the security patch. An updated CUDA library is required in order to use the CUDA debugger with a driver which has had this vulnerability closed. The CUDA library distributed with 295.40 and newer contain the changes necessary for proper operation of the CUDA debugger.
NVIDIA provides a technical contact to security firms to inform us of potential security issues. We encourage anyone that has identified what they believe to be a security issue with an NVIDIA driver to directly contact our UNIX Graphics Driver security email alias, email@example.com, to report and evaluate any potential issues prior to publishing a public security advisory.
We look forward to continuing to work with the professional security community to make our driver more robust and secure.