
Fwd: Re: pu: package nvidia-graphics-drivers/195.36.31-6squeeze2



Hmm, reportbug didn't manage to get this into the bug report, again, so
retrying manually ... with explicit Cc: -release@

Andreas

-------- Original Message --------
Subject: Re: pu: package nvidia-graphics-drivers/195.36.31-6squeeze2
Date: Wed, 22 Aug 2012 00:14:13 +0200
From: Andreas Beckmann <debian@abeckmann.de>
To: Debian Bug Tracking System <685116@bugs.debian.org>

Package: release.debian.org
Followup-For: Bug #685116
User: release.debian.org@packages.debian.org
Usertags: pu

Debdiff attached, this somehow got lost or forgotten ...

Andreas

diffstat for nvidia-graphics-drivers-195.36.31 nvidia-graphics-drivers-195.36.31

 changelog                                                         |    9 +++
 module/debian/patches/nvidia-blacklist-vga-pmu-registers-195.diff |   30 ++++++++++
 module/debian/patches/series                                      |    1 
 3 files changed, 40 insertions(+)

diff -Nru nvidia-graphics-drivers-195.36.31/debian/changelog nvidia-graphics-drivers-195.36.31/debian/changelog
--- nvidia-graphics-drivers-195.36.31/debian/changelog	2012-06-15 11:40:37.000000000 +0200
+++ nvidia-graphics-drivers-195.36.31/debian/changelog	2012-08-17 00:43:36.000000000 +0200
@@ -1,3 +1,12 @@
+nvidia-graphics-drivers (195.36.31-6squeeze2) stable-proposed-updates; urgency=low
+
+  * CVE-2012-4225.  (Closes: #684781)
+    Add upstream patch nvidia-blacklist-vga-pmu-registers-195.diff:
+    Fix exploitable local privilege escalation through VGA window manipulation
+    via the device nodes that allows access to arbitrary physical memory.
+
+ -- Andreas Beckmann <debian@abeckmann.de>  Fri, 17 Aug 2012 00:43:36 +0200
+
 nvidia-graphics-drivers (195.36.31-6squeeze1) stable-proposed-updates; urgency=medium
 
   * Security fix (backported from 195.36.31-7).  (Closes: #609338)
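
Review bot: urgency=low in the new 195.36.31-6squeeze2 header looks understated for an entry that describes an exploitable local privilege escalation giving access to arbitrary physical memory; the 6squeeze1 security fix directly below it used urgency=medium, so consider at least matching that. The first bullet is also only "CVE-2012-4225."; a short phrase naming the issue on that line would make the entry easier to scan.
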
diff -Nru nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/nvidia-blacklist-vga-pmu-registers-195.diff nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/nvidia-blacklist-vga-pmu-registers-195.diff
--- nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/nvidia-blacklist-vga-pmu-registers-195.diff	1970-01-01 01:00:00.000000000 +0100
+++ nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/nvidia-blacklist-vga-pmu-registers-195.diff	2012-08-17 00:21:21.000000000 +0200
@@ -0,0 +1,30 @@
+Subject: CVE-2012-4225
+ http://nvidia.custhelp.com/app/answers/detail/a_id/3140
+Origin: upstream, ftp://download.nvidia.com/XFree86/patches/security/2012-08-01/nvidia-blacklist-vga-pmu-registers-195.diff
+Bug-Debian: http://bugs.debian.org/684781
+
+diff -ur usr/src/nv/nv.h usr/src/nv/nv.h
+--- usr/src/nv/nv.h	2012-08-02 18:19:37.000000000 -0700
++++ usr/src/nv/nv.h 2012-08-02 18:19:37.000000000 -0700
+@@ -436,7 +436,20 @@
+ 
+ #define IS_BLACKLISTED_REG_OFFSET(nv, offset, length)                          \
+              ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\
+-             (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x84000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x85000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x86000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x87000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x89000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0xa0000, 0x20000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x104000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x105000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x10a000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c2000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c3000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x618000, 0x2000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x627000, 0x1000, offset, length)) ||\
++              (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
+ 
+ /* duplicated from nvos.h for external builds */
+ #ifndef NVOS_AGP_CONFIG_DISABLE_AGP
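
Review bot: the thirteen ranges added to IS_BLACKLISTED_REG_OFFSET in nv.h are bare offset/size pairs with no comment saying which register block each one covers (only the patch name hints at VGA and PMU), so a later reader cannot tell whether the list is complete or why 0x88000 is skipped between 0x87000 and 0x89000. Since Origin: marks this as the upstream patch, keeping the body identical to upstream is reasonable, but the header could carry a Description: line summarising what is blocked rather than only "Subject: CVE-2012-4225". It is also worth confirming that IS_REG_RANGE_WITHIN_MAPPING, whose definition is outside this hunk, rejects a requested mapping that only partially overlaps a blacklisted range.
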
diff -Nru nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/series nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/series
--- nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/series	2012-04-13 22:10:55.000000000 +0200
+++ nvidia-graphics-drivers-195.36.31/debian/module/debian/patches/series	2012-08-17 00:17:55.000000000 +0200
@@ -1,5 +1,6 @@
 NVIDIA_kernel-260.19.34-778465.diff
 nvidia-blacklist-register-mapping-195.diff -p3
+nvidia-blacklist-vga-pmu-registers-195.diff -p3
 use-nv-kernel.o.ARCH.patch
 conditionally-include-linux_version.h.patch
 2.6.36-ioctl.patch
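
Review bot: the new series entry is order-sensitive: the patch's context lines expect IS_BLACKLISTED_REG_OFFSET to already exist in nv.h with the 0x1000 and 0x700000 ranges, so it has to stay after whichever earlier patch introduces that macro (judging by its name, presumably nvidia-blacklist-register-mapping-195.diff). The -p3 strip level is consistent with the usr/src/nv/nv.h paths inside the patch. A note in the bug that the full series applies cleanly and the module builds would help the release team.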

