[conspire] Video corruption on Xubunu/Nvidia (was: Happy New Preferred Application!)

Rick Moen rick at linuxmafia.com
Sun Jan 10 13:21:47 PST 2021 

I wrote:

[switching from the open-source 'nouveau' driver to Nvidia's proprietary
driver set:]

> There's a reasonable chance that making that change (and rebooting) will
> make your problem go away.  (To be clear, the problem is that Nvidia
> Corporation is notoriously _uncooperative_ with the open source
> community, such that each Nvidia video chip is a big challenge for the
> open source coders, requiring years of work to reverse-engineer and
> develop good drivers for.

Just one additional point:

As if on cue, this news item emerged:
https://www.phoronix.com/scan.php?page=news_item&px=NVIDIA-2021-Driver-CVEs

  NVIDIA Windows/Linux Graphics Drivers Hit By A Series Of Security
  Vulnerabilities
  Written by Michael Larabel in NVIDIA on 10 January 2021 at 06:10 AM EST.

  NVIDIA -- With this week's R460 driver release also comes a number of
  security updates. Several security issues have been patched in both the
  NVIDIA Windows and Linux graphics driver components. 

  The set of 2021 CVEs "addresses issues that may lead to denial of
  service, escalation of privileges, data tampering, or information
  disclosure." 

  Among the vulnerabilities are a kernel ioctl through which user-mode
  clients can access legacy privileged APIs, the kernel driver not
  completely honoring file-system permissions for GPU device-level
  isolation, and several more vGPU software vulnerabilities. 

  The Linux driver vulnerabilities have been fixed in 460.32.03 /
  450.102.04 while a legacy Linux driver update is also expected in about
  one week to fix the issues there. 

  More details on these NVIDIA graphics driver vulnerabilities via the
  NVIDIA help section.

(For those who don't speak security, these are quite serious security
problems in Nvidia's kernel code getting the 'Oops!' treatment.)

This is a reminder that inserting Nvidia's proprietary junk into your
kernelspace notoriously adds dangerous, security-threatening bugs into
your running system, _much_ worse than what, on balance, one gets with
open source.  Rationally, one resorts to proprietary hardware drivers on
Linux only as a last resort, on a theory that the hardware company
engineers' knowledge of hardware secret-sauce knowledge will make some
deal-breaker problem go away -- but there's always a cost.

More information about the conspire mailing list