As it points out, this is an issue with the driver rather than the physical GPU.
I can't fathom why people want to abstract something as simple as downloading the drivers straight from Nvidia and installing it, but then again people (perhaps rightfully) don't understand WTF a computer is.
GeForce Experience removed the game streaming feature in 2023, but the protocol was reverse-engineered, and there are compatible third-party tools for game streaming.
Sunshine is the server, and Moonlight is the client.
It works a lot better than Miracast.
I only do it because (1) GeForce Experience requires logging in with Nvidia account and seems to log me out every time; (2) when GeForce Experience updates the driver it seems to pause forever doing god knows what between finishing the download and starting to install.
They do matter, you're just lucky(?) always using hardware and software environments that are always covered by the first thing on the list.
If you don't want to specify details and run an installer, that's squarely a You problem.
I think I do understand WTF a computer is, yet at some point I also had a tool installed on Windows that automatically downloaded ALL of the drivers for all devices.
Convenient, but the main reason I installed the thing was that it could install drivers I did not even find on official websites.
But just out of curiosity, if you understand what a computer is, why do you prefer manual labour and look down on people who automate things?
Because driver updates I didn't strictly need have historically ruined my day more often than not.
No, I'm not grabbing this driver update either. My Nvidia drivers are years old but they work fine, and I have better things to do than troubleshoot borkage stemming from drivers I didn't need to fix.
Remember: If it ain't broke, don't fix it.
> and look down on people who automate things?
The specific audience here should know better than to delegate updates (let alone updates for system components) to some nebulous automated and/or all-in-one construct provided by third-parties to the hardware/driver vendor.
Personally I'm still running with the drivers that came with the box when I bought it in 2020. GeForce Experience is an abomination; besides the mind-boggling bloat, demanding that I create an account just to download a driver update really made me determined never to buy NVidia ever again.
Perhaps Nvidia should request access to a special 'this is less crap' process and help MS understand how dangerous the previous crap it approved is.
Because I don't use my PC to play games and thus don't need anything more than run-of-the-mill graphics acceleration, I'm loath to download NVIDIA's enormous drivers, which I assume contain extraneous features and utilities that are useless to me.
(enter "GPU Display" in the search filter box)
At least, that seems to be the consensus among people who've tried to figure this out. There's no official word.
I get that there is a different release cadence, but it’s simply not acceptable to do business as normal surrounding security releases. The driver page should either have that 656.92 available or disable the download link for the stable channel with a note on when they expect it to be available again.
At the very least, some product manager should be fired. This is a legal liability, and no amount of click-wrap disclaimers will protect them if someone gets owned because of this negligence.
- Nouveau users tomorrow, after their framebuffer finishes loading
The people that actually need to update are:
* Multi-user systems with some untrusted users.
* Users with malware on their system already (which could privilege escalate).
* Virtualization hosts of untrusted guests.
> Opening up capability in the browser needs to be a careful process. It has not been recently.
That's what about 95% of the WebGPU design process is about and why it takes so long (the design process started in 2017). Creating a cross-platform 3D API is trivial, doing this with web security requirements is not.
Because web browsers are supposed to be locked down and able to run untrusted code, not an operating system that reinvents all the same failings of actual operating systems. They should be functionality impaired in favor of safety as much as possible. For the same reason you don't get access to high precision timing in browser (a lesson that took a while to learn!), you shouldn't have arbitrary capabilities piled onto it.
Modern browsers are application runtimes with a very flexible delivery mechanism. It's really up to web developers to decide what features this system should have to enable rich experiences for their users. Declaring that they should be functionally impaired or what they "should be" without taking into account the user experience we want to deliver is the wrong way of approaching this.
To be clear: I do think we should take security very seriously, especially in the one program people use the most. I also think reinventing operating systems to run within other operating systems is silly. But the web browser has become the primary application runtime and is how most people experience computing, so enabling it to deliver rich user experiences is inevitable. Doing this without compromising security or privacy is a very difficult problem, which should be addressed. It's not like the web is not a security and privacy nightmare without this already. So the solution is not to restrict functionality in order to safeguard security, but to find a way to implement these features securely and safely.
And that is a bad thing it was pushed this far! Exactly this is the argument here!
Some app stores and package managers automate a lot of this complexity to simplify the UX, and all of them use the web in the background anyway, but the experience is far from just loading a web URL in a browser.
And native apps on most platforms are also a security nightmare, which is why there is a lot of momentum to replicate the mobile and web sandboxing model on traditional OSs, which is something that web browsers have had for a long time.
The answer is somewhere in the middle. We need better and more secure operating systems that replicate some of the web model, and we need more capable and featureful "web browsers" that deliver the same experience as native apps. There have been numerous attempts at both approaches over the past decade+ with varying degrees of success, but there is still a lot of work to be done.
You make it sound like a web browser is not a native app.
The web today is mostly a media consumption platform. Applications for people who want to use their computer as a tool rather than a toy don't fit the model of "connect to some URL and hope your tools are still there".
Meanwhile, while that's also true for web apps, you can get started with learning HTML and basic JavaScript in Notepad, with no extra software needed. (Of course, you might then progress to actually using compilers like TypeScript, frameworks like React, and so on, but you don't need them to start learning.)
There's always been a much higher perceived barrier to be able to make native apps in Windows, whereas it's easier to get started with web development.
Clearly this is true. But as someone with an old-school preference for native applications over webapps (mostly for performance/ux/privacy reasons) it irritates me that I need to use an everything app just to browse HN or Wikipedia. I don't want to go all hairshirt and start using Lynx, I just want something with decent ux and a smaller vulnerability surface.
But why?
That feels like saying it irritates someone they need to run Windows in order to run Notepad, when they don't need the capabilities of Photoshop at the moment.
An everything app is for everything. Including the simple things.
The last thing I'd want is to have to use one browser for simpler sites and another for more complex sites and webapps and constantly have to remember which one was for which.
I already have an operating system. It's like saying I don't need notepad to be able to execute arbitrary programs with 3D capabilities and listen sockets because it's a text editor.
You also wouldn't need to remember what your generic sandbox app runtime is. Use your browser, and if you click on a link to an app, you'll be prompted to open the link using your default handler for that mime type.
Are you not familiar with Gmail or Google Maps or YouTube?
> I already have an operating system.
But Gmail and Google Maps and YouTube don't run on the OS. And this is a feature -- I can log into my Gmail on any browser without having to install anything. Life is so much easier when you don't have to install software, but just open a link.
> Use your browser, and if you click on a link to an app, you'll be prompted to open the link using your default handler for that mime type.
But I like having news links in Gmail open in a new tab in the same window. The last thing I want is to be juggling windows between different applications when tabs in the same app are such a superior UX.
Imagine how annoying it would be if my "app" browser had tabs for Gmail and Maps and YouTube and my "docs" browser had tabs for the NYT and WaPo and CNN, and I couldn't mix them?
Or if the NYT only worked in my "docs" browser, but opening a link to its crossword puzzle opened in my "apps" browser instead?
That's a terrible user experience for zero benefit at all.
(And I still would have to remember which is which, even if there's a MIME type, for when I want to go back to a tab I already opened!)
Maps is legitimately an interactive application, though I'd be surprised if most people don't use a dedicated app for it.
The point is you wouldn't have an "apps browser" with tabs. If something is nontrivial, launch it as an actual application, and let the browser be about browsing websites with minimal scripting like the crossword puzzle. Honestly there probably should be friction with launching apps because it's a horrible idea to randomly run code from every page you browse to, and expanding the scope of what that code is allowed to do is just piling on more bad ideas.
...this is possibly missing the point, but it occurs to me that you don't have to. Hacker News and Wikipedia are two websites I'd expect to work perfectly well in e.g. Links.
It's a bigger problem if you want to read the New York Times. I don't know whether the raw html is compatible, but if nothing else you have to log in to get past their paywall.
Seriously, don't you see the incongruity of your statement?
Putting everything, I mean everything, into the browser, and arguing for it, is stupid. It stops being a browser then and becomes a native system, with the problems of native systems accessing the open wild all over again. And then? Will there be a sandbox inside the browser/new-OS for the sake of security then? A sandbox inside a not-so-sandbox anymore?
Why modern operating systems are bad:
1. Desktop OSes allow installation of unrestricted applications. And actually most applications are unrestricted. While there are attempts at creating containerised applications, those attempts are weak and not popular. When I'm installing World of Warcraft, its installer silently adds a trusted root certificate to my computer.
2. Mobile OS are walled gardens. You can't just run anything, you need to jump through many hoops at best or live in certain countries at worst.
3. There's no common ground for every operating system. Every operating system is different and has completely different APIs. While there are frameworks which try to abstract those things, those frameworks add their own pile of issues.
The browser just fixes everything. It provides a secure sandbox which is trusted by billions of users. It does not restrict the user in any way, there's no "Website Store" or something like that, you can open everything and you can bring your app online within a few minutes. It provides a uniform API which is enough to create many kinds of applications and it'll run everywhere: iPhone, Pixel, Macbook, Surface, Thinkpad.
Yes, there are apps which might need full filesystem access, for example to measure directory sizes or to search things on the filesystem. There are apps to check neighbour WiFi for security which need very full access to WiFi adapter and that's fine. But those apps could use another way of installation, like entering password 3 times and dancing for 1 minute, to ensure that user understands the full implications of giving such an access.
My point is that on a typical desktop operating system today, a typical application has too much access and many applications actually use that access for bad things, like spying on the user, installing their own startup launchers, updaters and whatnot. The web does that better. You can't make your webapp open when the browser starts, unless you ask the user to perform a complicated sequence of actions. You can't make your webapp access my ssh key unless you ask me to drag it into a webpage.
Same reason kids should be stuck with Nerf guns while grownups have firearms.
Each to their own but I consider native applications a step down from web apps.
"Screw it, I'm giving up my web app and will now pay Apple/Google the protection money and margin they demand to shelter within their ad-ridden ecosystem lock-in." ... yeh that's definitely a step down.
It's difficult to make GPU access secure because GPU vendors never really prioritized security, so there's countless ways to do something that's wonky and accidentally leaks memory from something the app isn't supposed to have access to. You can containerize CPU and have strict guarantees that there's no way host memory will map into the container, but AFAIK this isn't a thing on GPUs except in some enterprise cards.
If this is actually the case (which I doubt very much - no offense) then please definitely write a ticket to your browser vendor, because that would be a massive security problem and would be more news-worthy than this NVIDIA CVE (leaking image data into WebGL textures was actually a bug I remember right around the time when WebGL was in development, but that was fixed quickly).
Say goodbye to anyone supporting Linux at all in that case. These rare security issues are a small price to pay for having software that works everywhere.
It isn't.
And there is no basis for your assertion these security issues are rare.
Yes.
Although the malware we're talking about doesn't actually work everywhere but only on one brand of GPU. But I would take it working everywhere over my computer not being useful.
Cross-platform app frameworks have never been a panacea, but I think there may be a middle ground to be found between the web and truly native apps. Something with a shallower learning curve, batteries-included updating and distribution, etc. that isn’t the web or Electron.
That said, I worry that it’s too late. Even if such a framework were to magically appear, the momentum of the complex beast that is the web platform will probably not slow.
... that is satisfied by a single click from malware or social engineering. Insane.
The insane thing is that an arbitrary application instantly has full access to your computer. And a web application is still heavily constrained and has to ask about almost every permission.
The reason your web page has to be imprisoned in permissions is that it is a web page from just about anyone using access that the browser has given it without telling the user.
In addition, Qubes is not so restrictive, if you don't play games or run LLMs.
See also: https://forum.qubes-os.org/t/how-to-pitch-qubes-os/4499/15
That is roughly equivalent to dealing with a security related roadblock to my workflow for 1 minute every day (or 10 security related popups that I have to click that cost me 6 seconds each or one 30 minute inconvenience a month). I think that even having the UAC popups enabled on Windows is too steep a price to pay.
I think security like this matters in places where the amount of financial gain for a breach is much much higher (concentrated stores of PII at a company with thousands of users for example) because your threat model has to consider you being specifically targeted for exploitation. As an individual worried about internet background hacking radiation it doesn't make sense for me to waste my time.
> I silo financial information (and banks also have security) so such a breach is extremely unlikely to be catastrophic
So you are doing manually what Qubes OS does automatically: security through compartmentalization.
> The expectation is that it will cost me a couple weeks of my life as like an absolute worst case.
This sounds quite reasonable but ignores privacy issues and issues with computer ownership with Windows; I guess you also don't care about that.
I do agree that using Qubes wastes more of my time than your estimates; however it also, e.g., encourages 100% safe tinkering for those who like it, prevents potential upgrade downtime, enables easy backup and restore process and more.
> I think security like this matters in places where the amount of financial gain for a breach is much much higher (concentrated stores of PII at a company with thousands of users for example)
How about owning crypto?
I can see it staying in the wild for a long time too. How many of the people that are playing on these cards, or crypto mining, or doing LLM work, are really going to even find out about these vulnerabilities and update the drivers?
Game mods are already barely sandboxed to begin with. Unless proven otherwise (ie. by manually inspecting the mod package), you should treat game mods the same as random exes you got off the internet, not harmless apps you install on a whim.
Native applications talk directly to the GPU's kernel-mode driver. The intended flow is that you call into the vendor's user-mode drivers - which are dynamic libraries in your application's address space - and they generate commands and execute ioctls on your application's behalf. The interface between these libraries and the KMD is usually undocumented, ill-defined and poorly tested. GPU vendors don't tend to care about security, so if the KMD doesn't properly validate some inputs, well, that issue can persist a long time. And if there's any bit of control stream that lets you tell the GPU to copy stuff between memory you own and memory you don't... I guess you get a very long security bulletin.
The point is, webpages have access to a much smaller attack surface than native applications. It's unlikely anything in this bulletin is exploitable through a browser.
If you have a single user machine and ARE already owned then this is REALLY a non-issue for you.
> NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering
What does “privileged attacker” mean on Linux? In my mind, “privileged” would mean they already have root, but in that case there’s nothing to escalate, right?
They mention hypervisor breaches further below, so could the CVE 0126 imply that a local root user on a shared GPU machine of some sort can break out of the virtualization?
Edit: found the Windows driver[1] directly via an online search which covers older models, too.
[1] https://www.nvidia.com/download/driverResults.aspx/235774/
1. https://security-tracker.debian.org/tracker/source-package/n...
2. https://tracker.debian.org/pkg/nvidia-graphics-drivers
https://arstechnica.com/gaming/2024/02/nvidias-new-app-doesn...