LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-06-2017, 01:36 PM   #1
LenHoff
Member
 
Registered: Mar 2017
Posts: 73

Rep: Reputation: Disabled
Does Nvidia driver update apply only to specific Linux kernel versions


Information is a little sparse & for future reference I'm trying to understand info listed in Mint updater (or how Nvidia's security info is presented).

Mint's updater - nvidia-graphics-drivers-340 (340.102-0ubuntu0.16.04.1) xenial, cites CVE-2017-0318 (LP: #1659586). Which I read https://nvd.nist.gov/vuln/detail/CVE...scriptionTitle.

Mint's updater also indicates 340.102 applied patches to kernel 4.9. & 4.10., but it doesn't indicate if CVE-2017-0318 applies to earlier kernel versions. (Again, trying to understand how this data is presented).

Find Nvidia's page for CVE-2017-0318 (LP: #1659586) - here: http://www.nvidia.com/object/product-security.html, and the link that includes info on CVE-2017-0318 (http://nvidia.custhelp.com/app/answers/detail/a_id/4398)...

...it also mentions *CVE-2017-0309,* further down the page (http://nvidia.custhelp.com/app/answers/detail/a_id/4398) under "Affected Products" - appears to affect Linux + (in my case) GeForce.

But CVE-0309 isn't mentioned anywhere else for the 340.102 driver (that I see), but the table on Nvidia's site seems to indicate CVE-0309 also affected GeForce running the 340.x driver branch.
Really can't make sense of it.
Maybe -0309 applies to an earlier driver series - before 340.x? - but how to decipher this data?

I can't tell if CVE-2017-0309 applies to GeForce *and* kernel 4.40.x. Did Mint updater just leave out info on CVE -0309 and / or which kernels are affected, or are kernel versions irrelevant here?

The Nvidia table farther down on http://nvidia.custhelp.com/app/answers/detail/a_id/4398, for "Fixes > Linux", lists Products (specifically GeForce), the OS and "1st Version Including the Fix."
I don't know which driver branches listed apply to GeForce. It appears possibly all? IF SO, why isn't CVE-2017-0309 mentioned in the 340.102 update?

Do ALL the CVEs at top of that page (incl. 2017-0309) apply to ALL GeForce, using any of the 5 listed driver branches: R378, R375, R340, R304?

Thanks.
 
Old 07-07-2017, 08:09 PM   #2
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
Because it's an upstream fix. Nvidia uses unified driver architecture. So, if it fixes the driver all the drivers are fixed. But you might want to just copy and paste your post to the nVidia forum on nVidia.com.
 
Old 07-18-2017, 01:47 PM   #3
LenHoff
Member
 
Registered: Mar 2017
Posts: 73

Original Poster
Rep: Reputation: Disabled
AwesomeMachine,
You may be right, but "if it fixes the driver all the drivers are fixed," seems cloudy whether all newer unified drivers would affect all older devices, making it pointless to update, in some cases.

I'll try Nvidia forum or support.
Lots of new drivers state the changes & fixes only apply to certain features - not just for Nvidia.

All "GFX" models may technically use the same 340.xx driver series, but some driver changes may only affect later or higher end models. Mfg's explanations are often confusing.
 
Old 07-18-2017, 04:25 PM   #4
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,513

Rep: Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009Reputation: 1009
The idea is to fix the vulnerability for all currently supported and affected devices. Nvidia is not going to fix the problem for only some of its supported products. If the fix is still needed in driver updates--which it may or may not be--nvidia must include it for all the affected devices.

Otherwise they'd get a horrible reputation! Newer driver versions don't support the oldest devices of older driver versions. If the driver is fixed, it's fixed for all the devices it supports. Anything else would be sheer chaos!

The same version of the driver receives numerous updates. So, it's not only later versions that are updated. And, unless you are at risk for the type of attack in CVE-2017-0318, then I wouldn't worry about it, because you must be specifically targeted for it to happen.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
booting issue after nvidia driver install and latest kernel update vblanton Fedora 7 11-28-2015 04:42 PM
Kernel update available, and NVidia driver installed ... how to proceed? mind_exploit Linux - Software 1 02-22-2013 05:46 AM
Download NVIDIA driver from the command line after kernel update? damgar Linux - General 4 11-20-2009 08:12 AM
kernel 2.6.24 in -current requires NVIDIA driver update TNWestTex Slackware 4 03-12-2008 02:04 PM
INstalling Kernel Headers to update nvidia driver plbowler Mandriva 5 09-14-2006 11:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration