Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader

Luca Boccassi bluca at debian.org
Fri Mar 30 14:12:58 UTC 2018


On Fri, 2018-03-30 at 13:10 +0100, Luca Boccassi wrote:
> On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> > Control: found -1 384.111-4
> > Control: found -1 390.42-1
> > Control: notfound -1 384.111
> > 
> > On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > > Source: nvidia-graphics-drivers
> > > Version: 384.111
> > > Severity: serious
> > > Tags: security upstream
> > > 
> > > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> > > 
> > > CVE-2018-6249
> > > 
> > > NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer
> > > handler where a NULL pointer dereference may lead to denial of service
> > > or potential escalation of privileges.
> > > 
> > > CVE-2018-6253
> > > 
> > > NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
> > > OpenGL Usermode drivers where a specially crafted pixel shader can
> > > cause infinite recursion leading to denial of service.
> > > 
> > > Fixed versions:
> > > 
> > > R390	390.46
> > > R384	384.125
> > 
> > Andreas,
> > 
> > I've tested 384.130 on Stretch and it seems to be working fine (I've
> > only build-tested 390.48).
> > 
> > Is it worth going through backports or shall we just go directly to
> > stretch-p-u given the CVE?
> 
> Sounds like I spoke too soon - I only tested the non-glvnd
> installation. The glvnd one is borken (even with the symlink fix):
> 
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-session/gnome-session-check-accelerated-gl-helper: error while loading shared libraries: libGL.so.1: cannot open shared object file: No such file or directory
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-check-accelerated: GL Helper exited with code 32512
> Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
> Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter.
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
> Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter.
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: Unrecoverable failure in required component org.gnome.Shell.desktop
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init server: Could not connect: Connection refused
> Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]: segfault at 0 ip 00007fa9db697e19 sp 00007ffebc6e5cb0 error 4 in libgtk-3.so.0.2200.11[7fa9db3b5000+700000]
> 
> Did I forget to update some path? In glx-alternatives perhaps?

I had forgotten to update glx-alt to the version in backports, d'oh. But
after doing so Gnome still fails to start, with a different error:

Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: No matching fbConfigs or visuals found
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: failed to load driver: swrast
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: X Error of failed request:  GLXBadContext
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Major opcode of failed request:  154 (GLX)
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Minor opcode of failed request:  6 (X_GLXIsDirect)
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Serial number of failed request:  95
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]:   Current serial number in output stream:  94

-- 
Kind regards,
Luca Boccassi