I’m using Nvidia Linux driver 510.73.05. And found that the
nvidia-dbus.conf contains the following configurations:
This will lead to all the dbus services on the OS can be called without explicit permissions.
BTW, dbus itself has had the same security issue before, see 18229 – send_requested_reply="true" allows all non-reply messages for details.
I have NVIDIA drivers 510.73.05 installed and I don’t have this file. Could it come from your distro/packager?
The absolute path is
I’m using the package from the Arch community repo.
But you can find the nvidia-dbus.conf if you extract the driver downloaded from
I have a full installation, the file is not here.
The absolute path on my system is
/usr/share/dbus-1/system.d/nvidia-dbus.conf. I posted the wrong path in my previous reply.
And I downloaded NVIDIA-Linux-x86_64-510.73.05.run from the official download site. Extracted it with the command
sh ./NVIDIA-Linux-x86_64-510.73.05.run --extract-only, then I can found the
nvidia-dbus.conf inside the extracted folder.
❯ ls -lh nvidia-dbus.conf
-rw-r--r-- 1 kevin kevin 254 5月 7日 13:17 nvidia-dbus.conf
❯ cat nvidia-dbus.conf
I will try to install it in a VM to see whether the official driver would install the
nvidia-dbus.conf or not.
find / -xdev -type f | grep dbus | grep nvidia
Only in docs and it’s not used. Also this file does not match what you’ve got installed. Blame your packager.
It’s part of the Dynamic Boost feature,
Even if it’s not present by default it still needs to be implemented in a secure way.
As others have already mentioned it’s part of the Dynamic Boost feature as stated in the docs so no matter if a packager installs the file or the official docs advises people to do so (to my understanding the docs are also the main source for packagers) the outcome would be the same and the issue has to be fixed on the nvidia side to ship a sane nvidia-dbus.conf with their installer which does not implicate any security issues. Note: On Exherbo Linux our nvidia-drivers package also installed this file (due to this issue temporarily disabled …)
FYI, this should be addressed by the latest round of NVIDIA driver security releases: Security Bulletin: NVIDIA GPU Display Driver - August 2022 | NVIDIA
This issue was assigned CVE‑2022‑31608.
I think the proper content for nvidia-dbus.conf is:
<allow send_requested_reply="true" send_type="method_return"/>
<allow send_requested_reply="true" send_type="error"/>
<allow receive_requested_reply="true" receive_type="method_return"/>
<allow receive_requested_reply="true" receive_type="error"/>