1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1064983: nvidia-graphics-drivers: CVE-2024-0074, CVE-2024-0075, CVE

    From Andreas Beckmann@21:1/5 to All on Wed Feb 28 20:10:02 2024
    Source: nvidia-graphics-drivers
    Severity: serious
    Tags: security upstream
    X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
    Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
    Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
    Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
    Control: tag -2 + wontfix
    Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
    Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
    Control: tag -3 + wontfix
    Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
    Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
    Control: tag -4 + wontfix
    Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
    Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
    Control: tag -5 + wontfix
    Control: close -5 450.248.02-4
    Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
    Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
    Control: tag -6 + wontfix
    Control: close -6 460.106.00-3
    Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
    Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
    Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
    Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
    Control: found -8 515.48.07-1
    Control: found -8 525.60.13-1
    Control: tag -8 + wontfix
    Control: close -8 525.147.05-6
    Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
    Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
    Control: found -9 520.56.06-1
    Control: found -9 525.85.12-1
    Control: found -9 530.30.02-1
    Control: found -9 535.43.02-1
    Control: found -9 545.23.06-1
    Control: found -9 550.40.07-1
    Control: found -1 340.24-1
    Control: found -1 343.22-1
    Control: found -1 396.18-1
    Control: found -1 430.14-1
    Control: found -1 455.23.04-1
    Control: found -1 465.24.02-1
    Control: found -1 495.44-1
    Control: found -1 515.48.07-1
    Control: found -1 520.56.06-1
    Control: found -1 525.53-1
    Control: found -1 530.30.02-1
    Control: found -1 535.43.02-1
    Control: found -1 545.23.06-1
    Control: found -1 550.40.07-1
    Control: fixed -7 470.239.06-1

    https://nvidia.custhelp.com/app/answers/detail/a_id/5520

    CVE-2024-0074 NVIDIA GPU Display Driver for Linux contains a
    vulnerability where an attacker may access a memory location after the
    end of the buffer. A successful exploit of this vulnerability may lead
    to denial of service and data tampering.

    CVE-2024-0075 NVIDIA GPU Display Driver for Windows and Linux contains
    a vulnerability where a user may cause a NULL-pointer dereference by
    accessing passed parameters the validity of which has not been checked.
    A successful exploit of this vulnerability may lead to denial of service
    and limited information disclosure.

    CVE-2024-0078 NVIDIA GPU Display Driver for Windows and Linux contains
    a vulnerability in the kernel mode layer, where a user in a guest can
    cause a NULL-pointer dereference in the host, which may lead to denial
    of service.

    CVE-2022-42265 NVIDIA GPU Display Driver for Windows and Linux contains
    a vulnerability in the kernel mode layer handler, where an unprivileged
    regular user can cause integer overflow, which may lead to denial of
    service, information disclosure, and data tampering.

    Linux Driver Branch CVE IDs Addressed
    R550, R545, R535 CVE-2024-0074, CVE-2024-0075
    R470 CVE-2024-0074, CVE-2022-42265

    Driver Branch Affected Driver Versions Updated Driver Version
    R550 All driver versions prior to 550.54.14 550.54.14
    R535 All driver versions prior to 535.161.07 535.161.07
    R470 All driver versions prior to 470.239.06 470.239.06
    R470 All driver versions prior to 470.223.02 470.223.02


    Security Updates for NVIDIA vGPU Software
    Security Updates for NVIDIA Cloud Gaming

    Linux Driver Branch CVE IDs Addressed
    R535 CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
    R470 CVE-2024-0074, CVE-2024-0078, CVE-2022-42265

    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas Beckmann@21:1/5 to All on Tue Mar 26 08:40:01 2024
    Followup-For: Bug #1064991

    new upstream releases are being tested locally and should be ready for
    upload soon ...


    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas Beckmann@21:1/5 to All on Wed Apr 24 07:50:02 2024
    Followup-For: Bug #1064991
    Control: severity -1 important

    migration is currently blocked by the t64 migration

    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)