Many Linux users praise Nvidia’s driver support for their operating system of choice, but perhaps not everything is rosy with Nvidia in penguin land. A new advisory by security firm Rapid7 says Nvidia’s binary graphics drivers for Linux are vulnerable to a buffer overflow that allows a remote attacker to seize admin privileges and run arbitrary code. More worrying is the advisory‘s statement that the hole was first reported all the way back in 2004. Chad Loder, Rapid7’s Manager of Engineering, told KernelTrap the bug has “probably existed even longer.” However, Rapid7’s first record of Nvidia directly acknowledging the bug dates back to July of this year, and Nvidia’s latest Linux drivers are still vulnerable. The advisory says Nvidia’s FreeBSD and Solaris drivers are “probably vulnerable,” as well.
Users of those operating systems are advised to disable the Nvidia binary driver and instead use the open-source “nv” driver included with the X windowing system by default. Loder says he expects—or hopes—Nvidia will plug the hole “quickly” now that it has been publicly announced.