This issue is listed publically as CVE-2012-4225.
NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges.
Because any user with read and write access to the NVIDIA device files (which is needed to execute applications that use the GPU) could potentially exploit this vulnerability to gain access to arbitrary system memory, this vulnerability is classified as high risk by NVIDIA.
NVIDIA is resolving this problem by blocking user-space access to registers that control redirection of the VGA window. Further, NVIDIA is also blocking user-space access to registers that control GPU-internal microcontrollers, which could be used to achieve a similar exploit.
NVIDIA is committed to security and is working on more robust solutions to prevent malicious manipulations of GPUs.
NVIDIA has released updated UNIX graphics drivers 295.71 and 304.32, which contain the fix.
The 295.71 driver is available for download at the NVIDIA FTP site:
32-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86/295.71/
64-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86_64/295.71/
32-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86/295.71/
64-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86_64/295.71/
The 304.32 driver is also available for download at the NVIDIA FTP site:
32-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86/304.32/
64-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86_64/304.32/
32-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86/304.32/
64-bit FreeBSD: ftp://download.nvidia.com/XFree86/FreeBSD-x86_64/304.32/
Additionally, a patch to the kernel interface layer of the NVIDIA kernel module is available, which can be used to patch older drivers, if necessary. Note that the Linux CUDA debugger will not work with older drivers if the patch is applied, though the Linux CUDA debugger will work properly with 295.71 and 304.32.
The patch and instructions on how to apply it are available at ftp://download.nvidia.com/XFree86/patches/security/2012-08-01/.
NVIDIA provides a technical contact for information about potential security issues. Anyone who has identified what they believe to be a security issue with an NVIDIA UNIX driver is encouraged to directly contact the NVIDIA UNIX Graphics Driver security email alias, firstname.lastname@example.org, to report and evaluate any potential issues prior to publishing a public security advisory.