Many Linux users praise Nvidia's driver support for their operating system of choice, but perhaps not everything is rosy with Nvidia in penguin land. A new advisory by security firm Rapid7 says Nvidia's binary graphics drivers for Linux are vulnerable to a buffer overflow that allows a remote attacker to seize admin privileges and run arbitrary code. More worrying is the advisory's statement that the hole was first reported all the way back in 2004. Chad Loder, Rapid7's Manager of Engineering, told KernelTrap the bug has "probably existed even longer." However, Rapid7's first record of Nvidia directly acknowledging the bug dates back to July of this year, and Nvidia's latest Linux drivers are still vulnerable. The advisory says Nvidia's FreeBSD and Solaris drivers are "probably vulnerable," as well.
Users of those operating systems are advised to disable the Nvidia binary driver and instead use the open-source "nv" driver included with the X windowing system by default. Loder says he expects—or hopes—Nvidia will plug the hole "quickly" now that it has been publicly announced.
|Aerocool's Project 7 P7-C1 Pro case reviewed||7|
|Google Project Tango is dead—long live ARCore||9|
|Thermaltake Sync box bridges RGB LED walled gardens||3|
|Intel tips off potential 960 GB and 1.5 TB Optane SSD 900Ps||8|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||24|
|Antec P110 Silent touts quiet looks and quiet operation||11|
|Updated LG Gram laptops put heavy-duty power into feathery bodies||19|
|Monkey Day Shortbread||14|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||6|