Two vulnerabilities have been reported in the NVIDIA CUDA Toolkit / Graphics Drivers for Linux, which can be exploited by malicious, local users to disclose potentially sensitive information.
The vulnerabilities are caused due to the "cudaHostAlloc()" and "cuMemHostAlloc()" API calls returning uncleared pinned memory, which can be exploited to disclose potentially sensitive memory contents.
The vulnerabilities are reported in NVIDIA CUDA Toolkit 3.2 Developer Drivers for Linux version 260.19.26 (64Bit) and the NVIDIA Graphics Drivers for Linux prior to version 260.19.36. Other versions may also be affected.
Solution: Update to NVIDIA Graphics Drivers for Linux version 260.19.36 or apply the patch.
Original Advisory: Alex Granovsky:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: NVIDIA CUDA Toolkit / Graphics Drivers for Linux Memory Disclosure
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.