Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On 2018-04-05 01:57, Luca Boccassi wrote:
> Gah, of course I had libglvnd from bpo. I always, always forget to
> remove it when moving back and forth...
>
> Sorry for the noise, works fine after removing those.

But why doesn't it work with src:libglvnd from backports - it works fine
on sid (where src:libglvnd is the only choice), doesn't it? There
haven't been any glvnd symbol changes recently.
Probably postpone investigation until we have a 390.48 backport ...

> Do you need any help with these uploads? Would you like me to create
> the tickets for the release team, or do the upload to unstable of 390?

I had more time today than planned :-(
All done :-)

Andreas
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On Wed, 2018-04-04 at 00:25 +0200, Andreas Beckmann wrote:
> On 2018-03-30 16:20, Luca Boccassi wrote:
> > It's due to the updated glx-alternative-foo sets the libGL.so.1 symlink
> > to Mesa, even when update-glx --glx nvidia is used:
> >
> > lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
> > lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1
>
> Is this with the libglvnd libgl1 from stretch-backports installed? Then
> this is intentional.
> If backports breaks after updating stable, let's fix backports, not
> stable,
>
> > I guess that was done for glvnd? But this happens with the
> > stretch-backports version too, is that right?
>
> I'm not sure what the problem is here exactly ... and how to reproduce
> it in a minimal stretch chroot ...
>
> > Changing those symlinks manually to the nvidia version fixes the
> > problem.
>
> Pointing to what?

Gah, of course I had libglvnd from bpo. I always, always forget to
remove it when moving back and forth...

Sorry for the noise, works fine after removing those.

Do you need any help with these uploads? Would you like me to create
the tickets for the release team, or do the upload to unstable of 390?

--
Kind regards,
Luca Boccassi
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On 2018-04-03 22:17, Luca Boccassi wrote:
> Shouldn't this be reverted too:
>
> https://salsa.debian.org/nvidia-team/glx-alternatives/commit/30014d629d71ae2400a0aae8533089daec23d8c9

No, this should do the right thing on stretch, too. The old code in
stretch is broken in some corner cases.

Andreas
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On 2018-03-30 16:20, Luca Boccassi wrote:
> It's due to the updated glx-alternative-foo sets the libGL.so.1 symlink
> to Mesa, even when update-glx --glx nvidia is used:
>
> lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
> lrwxrwxrwx 1 root root 50 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-x86_64-linux-gnu -> /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1

Is this with the libglvnd libgl1 from stretch-backports installed? Then
this is intentional.
If backports breaks after updating stable, let's fix backports, not
stable,

> I guess that was done for glvnd? But this happens with the
> stretch-backports version too, is that right?

I'm not sure what the problem is here exactly ... and how to reproduce
it in a minimal stretch chroot ...

> Changing those symlinks manually to the nvidia version fixes the
> problem.

Pointing to what?

Andreas

BTW, is 390.48 compatible with libglvnd in testing?
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On Tue, 2018-04-03 at 21:33 +0200, Andreas Beckmann wrote:
> On 2018-03-30 16:20, Luca Boccassi wrote:
> > Andreas, what should we do here for Stretch? If we update stretch to
> > 384.130 we'll need the new glx-alternative too as they updated the
> > SONAMEs (a bit strange for an LTS branch), but as-is it will be borken,
> > unless I'm missing something.
>
> I prepared a stretch update for glx-alternatives in branch stretch.
>
>
> Andreas

Shouldn't this be reverted too:

https://salsa.debian.org/nvidia-team/glx-alternatives/commit/30014d629d71ae2400a0aae8533089daec23d8c9

Or another solution found? As it is right now, it won't work in stretch
as mentioned in my previous mail

--
Kind regards,
Luca Boccassi
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On 2018-03-30 16:20, Luca Boccassi wrote:
> Andreas, what should we do here for Stretch? If we update stretch to
> 384.130 we'll need the new glx-alternative too as they updated the
> SONAMEs (a bit strange for an LTS branch), but as-is it will be borken,
> unless I'm missing something.

I prepared a stretch update for glx-alternatives in branch stretch.

Andreas
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On Fri, 2018-03-30 at 15:12 +0100, Luca Boccassi wrote:
> On Fri, 2018-03-30 at 13:10 +0100, Luca Boccassi wrote:
> > On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> > > Control: found -1 384.111-4
> > > Control: found -1 390.42-1
> > > Control: notfound -1 384.111
> > >
> > > On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > > > Source: nvidia-graphics-drivers
> > > > Version: 384.111
> > > > Severity: serious
> > > > Tags: security upstream
> > > >
> > > > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> > > >
> > > > CVE-2018-6249
> > > >
> > > > NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> > > > layer handler where a NULL pointer dereference may lead to denial
> > > > of service or potential escalation of privileges.
> > > >
> > > > CVE-2018-6253
> > > >
> > > > NVIDIA GPU Display Driver contains a vulnerability in the DirectX
> > > > and OpenGL Usermode drivers where a specially crafted pixel shader
> > > > can cause infinite recursion leading to denial of service.
> > > >
> > > > Fixed versions:
> > > >
> > > > R390 390.46
> > > > R384 384.125
> > >
> > > Andreas,
> > >
> > > I've tested 384.130 on Stretch and it seems to be working fine (I've
> > > only build-tested 390.48).
> > >
> > > Is it worth going through backports or shall we just go directly to
> > > stretch-p-u given the CVE?
> >
> > Sounds like I spoke too soon - I only tested the non-glvnd
> > installation. The glvnd one is borken (even with the symlink fix):
> >
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-session/gnome-session-check-accelerated-gl-helper: error while loading shared libraries: libGL.so.1: cannot open shared object file: No such file or directory
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-check-accelerated: GL Helper exited with code 32512
> > Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
> > Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter.
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> > Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
> > Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter.
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: Unrecoverable failure in required component org.gnome.Shell.desktop
> > Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
> > Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init server: Could not connect: Connection refused
> > Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]: segfault at 0 ip 7fa9db697e19 sp 7ffebc6e5cb0 error 4 in libgtk-3.so.0.2200.11[7fa9db3b5000+70]
> >
> > Did I forget to update some path? In glx-alternatives perhaps?
>
> I had forgot to update glx-alt to the version in backports, d'oh. But
> after doing so Gnome still fails to start, with a different error:
>
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: No matching fbConfigs or visuals found
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: failed to load driver: swrast
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: X Error of failed request: GLXBadContext
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Major opcode of failed request: 154 (GLX)
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Minor opcode of failed request: 6 (X_GLXIsDirect)
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Serial number of failed request: 95
> Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Current serial number in output stream: 94

It's due to the updated glx-alternative-foo sets the libGL.so.1 symlink
to Mesa, even when update-glx --glx nvidia is used:

lrwxrwxrwx 1 root root 48 Mar 30 15:02 /etc/alternatives/glx--libGL.so.1-i386-linux-gnu -> /usr/lib/mesa-diverted/i386-linux-gnu/libGL.so.1
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On Fri, 2018-03-30 at 13:10 +0100, Luca Boccassi wrote:
> On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> > Control: found -1 384.111-4
> > Control: found -1 390.42-1
> > Control: notfound -1 384.111
> >
> > On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > > Source: nvidia-graphics-drivers
> > > Version: 384.111
> > > Severity: serious
> > > Tags: security upstream
> > >
> > > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> > >
> > > CVE-2018-6249
> > >
> > > NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> > > layer handler where a NULL pointer dereference may lead to denial
> > > of service or potential escalation of privileges.
> > >
> > > CVE-2018-6253
> > >
> > > NVIDIA GPU Display Driver contains a vulnerability in the DirectX
> > > and OpenGL Usermode drivers where a specially crafted pixel shader
> > > can cause infinite recursion leading to denial of service.
> > >
> > > Fixed versions:
> > >
> > > R390 390.46
> > > R384 384.125
> >
> > Andreas,
> >
> > I've tested 384.130 on Stretch and it seems to be working fine (I've
> > only build-tested 390.48).
> >
> > Is it worth going through backports or shall we just go directly to
> > stretch-p-u given the CVE?
>
> Sounds like I spoke too soon - I only tested the non-glvnd
> installation. The glvnd one is borken (even with the symlink fix):
>
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-session/gnome-session-check-accelerated-gl-helper: error while loading shared libraries: libGL.so.1: cannot open shared object file: No such file or directory
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-check-accelerated: GL Helper exited with code 32512
> Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
> Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter.
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
> Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter.
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: Unrecoverable failure in required component org.gnome.Shell.desktop
> Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
> Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init server: Could not connect: Connection refused
> Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]: segfault at 0 ip 7fa9db697e19 sp 7ffebc6e5cb0 error 4 in libgtk-3.so.0.2200.11[7fa9db3b5000+70]
>
> Did I forget to update some path? In glx-alternatives perhaps?

I had forgot to update glx-alt to the version in backports, d'oh. But
after doing so Gnome still fails to start, with a different error:

Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: No matching fbConfigs or visuals found
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: libGL error: failed to load driver: swrast
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: X Error of failed request: GLXBadContext
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Major opcode of failed request: 154 (GLX)
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Minor opcode of failed request: 6 (X_GLXIsDirect)
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Serial number of failed request: 95
Mar 30 15:10:49 luca-desktop org.gnome.Shell.desktop[1209]: Current serial number in output stream: 94

--
Kind regards,
Luca Boccassi
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
On Thu, 2018-03-29 at 12:54 +0100, Luca Boccassi wrote:
> Control: found -1 384.111-4
> Control: found -1 390.42-1
> Control: notfound -1 384.111
>
> On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> > Source: nvidia-graphics-drivers
> > Version: 384.111
> > Severity: serious
> > Tags: security upstream
> >
> > http://nvidia.custhelp.com/app/answers/detail/a_id/4649
> >
> > CVE-2018-6249
> >
> > NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> > layer handler where a NULL pointer dereference may lead to denial
> > of service or potential escalation of privileges.
> >
> > CVE-2018-6253
> >
> > NVIDIA GPU Display Driver contains a vulnerability in the DirectX
> > and OpenGL Usermode drivers where a specially crafted pixel shader
> > can cause infinite recursion leading to denial of service.
> >
> > Fixed versions:
> >
> > R390 390.46
> > R384 384.125
>
> Andreas,
>
> I've tested 384.130 on Stretch and it seems to be working fine (I've
> only build-tested 390.48).
>
> Is it worth going through backports or shall we just go directly to
> stretch-p-u given the CVE?

Sounds like I spoke too soon - I only tested the non-glvnd
installation. The glvnd one is borken (even with the symlink fix):

Mar 30 12:57:41 luca-desktop gnome-session[1152]: /usr/lib/gnome-session/gnome-session-check-accelerated-gl-helper: error while loading shared libraries: libGL.so.1: cannot open shared object file: No such file or directory
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-check-accelerated: GL Helper exited with code 32512
Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
Mar 30 12:57:41 luca-desktop gnome-shell[1173]: Unable to initialize Clutter.
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter: Unable to initialize the Clutter backend: no available drivers found.
Mar 30 12:57:41 luca-desktop gnome-shell[1176]: Unable to initialize Clutter.
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session[1152]: gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' exited with code 1
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: Unrecoverable failure in required component org.gnome.Shell.desktop
Mar 30 12:57:41 luca-desktop gnome-session-binary[1152]: WARNING: App 'org.gnome.Shell.desktop' respawning too quickly
Mar 30 12:57:41 luca-desktop gnome-session[1152]: Unable to init server: Could not connect: Connection refused
Mar 30 12:57:41 luca-desktop kernel: gnome-session-f[1178]: segfault at 0 ip 7fa9db697e19 sp 7ffebc6e5cb0 error 4 in libgtk-3.so.0.2200.11[7fa9db3b5000+70]

Did I forget to update some path? In glx-alternatives perhaps?

--
Kind regards,
Luca Boccassi
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
The 384-stretch@7949 commit with nvidia-graphics-drivers (384.130-0svn1)
is also working for me on stretch after fixing the libGL.so.1 symlink in
debian/libgl1-glvnd-nvidia-glx.links.in to point to libGL.so.1.7.0; not
sure if you caught that already.

Best,
Ivan
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
Control: found -1 384.111-4
Control: found -1 390.42-1
Control: notfound -1 384.111

On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> Source: nvidia-graphics-drivers
> Version: 384.111
> Severity: serious
> Tags: security upstream
>
> http://nvidia.custhelp.com/app/answers/detail/a_id/4649
>
> CVE-2018-6249
>
> NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> layer handler where a NULL pointer dereference may lead to denial
> of service or potential escalation of privileges.
>
> CVE-2018-6253
>
> NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
> OpenGL Usermode drivers where a specially crafted pixel shader can
> cause infinite recursion leading to denial of service.
>
> Fixed versions:
>
> R390 390.46
> R384 384.125

Andreas,

I've tested 384.130 on Stretch and it seems to be working fine (I've
only build-tested 390.48).

Is it worth going through backports or shall we just go directly to
stretch-p-u given the CVE?

--
Kind regards,
Luca Boccassi
Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
Source: nvidia-graphics-drivers
Version: 384.111
Severity: serious
Tags: security upstream

http://nvidia.custhelp.com/app/answers/detail/a_id/4649

CVE-2018-6249

NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer
handler where a NULL pointer dereference may lead to denial of service
or potential escalation of privileges.

CVE-2018-6253

NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
OpenGL Usermode drivers where a specially crafted pixel shader can
cause infinite recursion leading to denial of service.

Fixed versions:

R390 390.46
R384 384.125

--
Kind regards,
Luca Boccassi
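Added example (not part of the original thread and not code from the Debian packaging): a POSIX shell check that compares an nvidia-graphics-drivers package version against the fixed versions listed in the report above (R390 390.46, R384 384.125). The function names are illustrative, and treating every earlier release of a listed branch as needing the update is an assumption; branches the report does not list are reported as "unknown".

```shell
#!/bin/sh
# Added example: compare an nvidia-graphics-drivers version with the fixed
# versions from the report (R390 390.46, R384 384.125).
# Function names are illustrative, not part of any Debian tool.

# Fixed upstream version for a branch; fails for branches the report omits.
fixed_for_branch() {
    case "$1" in
        384) echo 384.125 ;;
        390) echo 390.46 ;;
        *)   return 1 ;;
    esac
}

# Reduce a Debian version to its upstream part: "1:390.46-2~bpo9+1" -> "390.46"
upstream_version() {
    v=${1#*:}        # drop an epoch, if present
    v=${v%%-*}       # drop the Debian revision
    v=${v%%[~+]*}    # drop ~ and + suffixes
    printf '%s\n' "$v"
}

# version_ge A B: true when dotted-numeric A >= B, compared field by field.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# cve_status VERSION: prints "fixed", "needs-update" or "unknown".
# Assumption: any release below the branch's fixed version needs the update.
cve_status() {
    up=$(upstream_version "$1")
    case "$up" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # not a dotted-numeric version
    esac
    branch=${up%%.*}
    fixed=$(fixed_for_branch "$branch") || { echo unknown; return 0; }
    if version_ge "$up" "$fixed"; then echo fixed; else echo needs-update; fi
}

# 384.111-4, 390.42-1 and 384.130-0svn1 appear in the thread;
# the remaining versions are constructed samples.
for ver in 384.111-4 390.42-1 384.130-0svn1 390.48-1 375.82-1; do
    printf '%-16s %s\n' "$ver" "$(cve_status "$ver")"
done
```

On a Debian system the installed version string can be obtained with `dpkg-query -W -f='${Version}' <package>` and passed to `cve_status`.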