Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Luca Boccassi bluca at debian.org
Fri Mar 30 12:10:29 UTC 2018


On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> Control: found -1 384.111-4
> Control: found -1 390.42-1
> Control: notfound -1 384.111
> 
> On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > Source: nvidia-graphics-drivers
> > Version: 384.111
> > Severity: serious
> > Tags: security upstream
> > 
> > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> > 
> > CVE-2018-6249
> > 
> > NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer
> > handler where a NULL pointer dereference may lead to denial of service
> > or potential escalation of privileges.
> > 
> > CVE-2018-6253
> > 
> > NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
> > OpenGL Usermode drivers where a specially crafted pixel shader can
> > cause infinite recursion leading to denial of service.
> > 
> > Fixed versions:
> > 
> > R390	390.46
> > R384	384.125
> 
> Andreas,
> 
> I've tested 384.130 on Stretch and it seems to be working fine (I've
> only build-tested 390.48).
> 
> Is it worth going through backports or shall we just go directly to
> stretch-p-u given the CVE?

Sounds like I spoke too soon - I only tested the non-glvnd
installation. The glvnd one is borken (even with the symlink fix):

Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-session/gnome-session-check-accelerated-gl-helper: error while loading shared libraries: libGL.so.1: cannot open shared object file: No such file or directory 
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-check-accelerated: GL Helper exited with code 32512
Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter.
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter.
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: Unrecoverable failure in required component org.gnome.Shell.desktop
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init server: Could not connect: Connection refused
Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]: segfault at 0 ip 00007fa9db697e19 sp 00007ffebc6e5cb0 error 4 in libgtk-3.so.0.2200.11[7fa9db3b5000+700000]

Did I forget to update some path? In glx-alternatives perhaps?

-- 
Kind regards,
Luca Boccassi