FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  523158
Date:      2020-01-15
Time:      20:23:39Z
Committer: brnrd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b91234e7-9a8b-11e1-b666-001636d274f3	NVIDIA UNIX driver -- access to arbitrary system memory NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary system memory. NVIDIA is not aware of any reports of this vulnerability, outside of the disclosure which was made privately to NVIDIA. NVIDIA has identified the root cause of the vulnerability and has released updated drivers which close it. [NVIDIA encourages] all users with Geforce 8 or newer, G80 Quadro or newer, and all Tesla GPUs to update their drivers to 295.40 or later. Later, it was additionally discovered that similar exploit could be achieved through remapping of VGA window: NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges. Discovery 2012-03-20 Entry 2012-05-10 Modified 2012-09-12 nvidia-driver gt 173.14.35_2 lt 295.71 gt 96.43.20_3 lt 173.14.35 gt 71.86.15_3 lt 96.43.20_2 lt 71.86.15_2 CVE-2012-0946 CVE-2012-4225
fdf72a0e-8371-11e4-bc20-001636d274f3	NVIDIA UNIX driver -- remote denial of service or arbitrary code execution NVIDIA Unix security team reports: The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298). Depending on how it is configured, the X server typically runs with raised privileges, and listens for GLX indirect rendering protocol requests from a local socket and potentially a TCP/IP port. The vulnerabilities could be exploited in a way that causes the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution. Discovery 2014-12-03 Entry 2014-12-14 nvidia-driver lt 340.65 nvidia-driver-304 lt 304.125 nvidia-driver-173 le 173.14.35_3 nvidia-driver-96 le 96.43.23_2 nvidia-driver-71 le 71.86.15_4 CVE-2014-8298 CVE-2014-8093 CVE-2014-8098

VuXML ID

Description

b91234e7-9a8b-11e1-b666-001636d274f3

NVIDIA UNIX driver -- access to arbitrary system memory

NVIDIA Unix security team reports:

Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary system memory. NVIDIA is not aware of any reports of this vulnerability, outside of the disclosure which was made privately to NVIDIA.

NVIDIA has identified the root cause of the vulnerability and has released updated drivers which close it. [NVIDIA encourages] all users with Geforce 8 or newer, G80 Quadro or newer, and all Tesla GPUs to update their drivers to 295.40 or later.

Later, it was additionally discovered that similar exploit could be achieved through remapping of VGA window:

NVIDIA received notification of a security exploit that uses NVIDIA UNIX device files to map and program registers to redirect the VGA window. Through the VGA window, the exploit can access any region of physical system memory. This arbitrary memory access can be further exploited, for example, to escalate user privileges.

Discovery 2012-03-20
Entry 2012-05-10
Modified 2012-09-12
nvidia-driver

gt 173.14.35_2 lt 295.71

gt 96.43.20_3 lt 173.14.35

gt 71.86.15_3 lt 96.43.20_2

lt 71.86.15_2

CVE-2012-0946
CVE-2012-4225

fdf72a0e-8371-11e4-bc20-001636d274f3

NVIDIA UNIX driver -- remote denial of service or arbitrary code execution

NVIDIA Unix security team reports:

The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298).

Depending on how it is configured, the X server typically runs with raised privileges, and listens for GLX indirect rendering protocol requests from a local socket and potentially a TCP/IP port. The vulnerabilities could be exploited in a way that causes the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.

Discovery 2014-12-03
Entry 2014-12-14
nvidia-driver

lt 340.65

nvidia-driver-304

lt 304.125

nvidia-driver-173

le 173.14.35_3

nvidia-driver-96

le 96.43.23_2

nvidia-driver-71

le 71.86.15_4

CVE-2014-8298
CVE-2014-8093
CVE-2014-8098