/[gentoo-x86]/x11-drivers/nvidia-drivers/files/nvidia-blacklist-vga-pmu-registers-256-304.diff
Gentoo

Contents of /x11-drivers/nvidia-drivers/files/nvidia-blacklist-vga-pmu-registers-256-304.diff

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1 - (show annotations) (download)
Sun Aug 5 22:43:04 2012 UTC (2 years, 1 month ago) by cardoe
Branch: MAIN
File MIME type: text/plain
Fix CVE-2012-xxxx. With access to /dev/nvidia* a malicious user could exploit the VGA window size to read/write from kernel memory and gain root access.

(Portage version: 2.1.10.65/cvs/Linux x86_64)

1 diff -ur kernel/nv.h kernel/nv.h
2 --- kernel/nv.h 2012-08-02 18:19:37.000000000 -0700
3 +++ kernel/nv.h 2012-08-02 18:19:37.000000000 -0700
4 @@ -448,7 +448,20 @@
5
6 #define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) \
7 ((IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1000, 0x1000, offset, length)) ||\
8 - (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
9 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x84000, 0x1000, offset, length)) ||\
10 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x85000, 0x1000, offset, length)) ||\
11 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x86000, 0x1000, offset, length)) ||\
12 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x87000, 0x1000, offset, length)) ||\
13 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x89000, 0x1000, offset, length)) ||\
14 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0xa0000, 0x20000, offset, length)) ||\
15 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x104000, 0x1000, offset, length)) ||\
16 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x105000, 0x1000, offset, length)) ||\
17 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x10a000, 0x1000, offset, length)) ||\
18 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c2000, 0x1000, offset, length)) ||\
19 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x1c3000, 0x1000, offset, length)) ||\
20 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x618000, 0x2000, offset, length)) ||\
21 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x627000, 0x1000, offset, length)) ||\
22 + (IS_REG_RANGE_WITHIN_MAPPING(nv, 0x700000, 0x100000, offset, length)))
23
24 /* duplicated from nvos.h for external builds */
25 #ifndef NVOS_AGP_CONFIG_DISABLE_AGP

  ViewVC Help
Powered by ViewVC 1.1.20