Two vulnerabilities have been reported in the NVIDIA CUDA Toolkit Developer Drivers for Linux, which can be exploited by malicious, local users to disclose potentially sensitive information. The vulnerabilities are caused due to the "cudaHostAlloc()" and "cuMemHostAlloc()" API calls returning uncleared pinned memory, which can be exploited to disclose potentially sensitive memory contents. The vulnerabilities are reported in NVIDIA CUDA Toolkit 3.2 Developer Drivers for Linux version 260.19.26 (64Bit). Other versions may also be affected.
CVE-2011-0636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0636): The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations.
All evil versions removed from tree. +*nvidia-cuda-toolkit-5.0.35 (14 Jan 2013) +*nvidia-cuda-toolkit-4.2.9-r1 (14 Jan 2013) + + 14 Jan 2013; Justin Lecher <jlec@gentoo.org> -nvidia-cuda-toolkit-3.2.ebuild, + +nvidia-cuda-toolkit-4.2.9-r1.ebuild, +nvidia-cuda-toolkit-5.0.35.ebuild, + +files/cuda-config.in, metadata.xml: + Version Bump, #446072 and #451972; fine grad what msg we are showing, + #440434; support prefix installations, #405317; drop old, #351702; take the + package +
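Review bot: In the ChangeLog entry, the removal of nvidia-cuda-toolkit-3.2.ebuild is recorded only as "drop old, #351702", which gives someone reading the log no hint that the version was dropped for a security reason. Naming the issue in that entry (CVE-2011-0636, uninitialized pinned memory returned by cudaHostAlloc and cuMemHostAlloc) would make the removal traceable. The same message also bundles the version bump, the prefix-installation support and the removal, and "fine grad what msg we are showing" looks like a typo; splitting out the security-relevant removal would make it easier to find later.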
Thanks, everyone. GLSA vote: no.
NO too, closing.