Security vulnerability in NVIDIA's proprietary Linux drivers fixed
A new version of NVIDIA's proprietary UNIX graphics drivers for Linux, Solaris and FreeBSD fixes a security vulnerability (CVE-2012-0946) that allowed attackers to read and write arbitrary system memory in order to, for example, obtain root privileges. To take advantage of the vulnerability, an attacker must have access permission for some device files – which, for systems with these drivers, is typically the case for users who can launch a graphical interface as 3D acceleration and some other features cannot be used otherwise.
Version 295.40 of the driver corrects this problem; for older drivers whose version numbers start with 195, 256 to 285, or 290 to 295, NVIDIA has made patches available that change the vulnerable part of the kernel module belonging to the driver. Users who update the driver with this patch and use the CUDA debugger will also need to update the CUDA library before the debugger can work again.