HEADS UP: Possible vulnerability in nvidia display drivers
Date: Fri, 25 Oct 2024 10:02:49 UTC
Hi.

Last night (JST, +9) I found that nvidia disclosed a vulnerability, CVE-2024-0126, which is stated to affect Windows and Linux and stated to be fixed in 550.127.05 (Production Branch) and 565.57.01 (BETA Branch) [1]. The New Feature Branch (560 series) is not mentioned/updated at all.

I filed Bug 282312 - x11/nvidia-driver: Update to 550.127.05 with x11/linux-nvidia-libs and related DRM ports [2] this morning. The proposed patch also allows trying the latest BETA Branch of the driver, 565.57.01. (Some libraries which have version numbers other than 565.57.01 are bumped in x11/linux-nvidia-libs.)

Background on why I considered that this also (possibly) affects FreeBSD:

As I'm not an nvidia insider, I'm not 100% sure this affects FreeBSD, too. And for exactly the same reason, I'm not sure whether the 560 series of New Feature Branch drivers is affected or not.

But in the past, nvidia stated that (IIRC) unless 2 or more KPIs they want were implemented on FreeBSD, they would stop providing "Unified" drivers (the current form of non-legacy drivers) for FreeBSD, and the FreeBSD project thankfully implemented them, and the latest drivers are still available for FreeBSD.

This strongly suggests that the code for non-100%-FreeBSD-specific parts of the drivers is mostly shared with Linux (and maybe with Solaris, too). So I considered it likely to affect FreeBSD, too.

As this is related to a CVE, I skipped most of the tests I usually do before filing a PR, to provide the patch ASAP. What was done is in the Description and Comment 1 of the PR.

And note that gpatch should be preferred over the in-tree patch, as additions and deletions of files are needed, and the in-tree patch doesn't seem to like such operations even with the "-E" option.

[1] https://nvidia.custhelp.com/app/answers/detail/a_id/5586
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282312

--
Tomoaki AOKI <junchoon@dec.sakura.ne.jp>