Bug#1064991: marked as done (nvidia-open-gpu-kernel-modules: CVE-2024-0074, CVE-2024-0075, CVE-2024-0078)

Debian Bug Tracking System Tue, 29 Apr 2025 04:51:17 -0700

Your message dated Tue, 29 Apr 2025 11:49:29 +0000
with message-id <e1u9jsr-007ybg...@fasolo.debian.org>
and subject line Bug#1064991: fixed in nvidia-open-gpu-kernel-modules 
550.54.15-1
has caused the Debian Bug report #1064991,
regarding nvidia-open-gpu-kernel-modules: CVE-2024-0074, CVE-2024-0075, 
CVE-2024-0078
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064991: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064991
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0074, 
CVE-2022-42265, CVE-2024-0078
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0074, 
CVE-2024-0075, CVE-2024-0078
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0074, 
CVE-2024-0075, CVE-2024-0078
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: fixed -7 470.239.06-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5520

CVE-2024-0074   NVIDIA GPU Display Driver for Linux contains a
vulnerability where an attacker may access a memory location after the
end of the buffer. A successful exploit of this vulnerability may lead
to denial of service and data tampering.

CVE-2024-0075   NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where a user may cause a NULL-pointer dereference by
accessing passed parameters the validity of which has not been checked.
A successful exploit of this vulnerability may lead to denial of service
and limited information disclosure.

CVE-2024-0078   NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where a user in a guest can
cause a NULL-pointer dereference in the host, which may lead to denial
of service.

CVE-2022-42265  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause integer overflow, which may lead to denial of
service, information disclosure, and data tampering.

Linux Driver Branch     CVE IDs Addressed
R550, R545, R535        CVE-2024-0074, CVE-2024-0075
R470                    CVE-2024-0074, CVE-2022-42265

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R550            All driver versions prior to 550.54.14          550.54.14
R535            All driver versions prior to 535.161.07         535.161.07
R470            All driver versions prior to 470.239.06         470.239.06
R470            All driver versions prior to 470.223.02         470.223.02


Security Updates for NVIDIA vGPU Software
Security Updates for NVIDIA Cloud Gaming

Linux Driver Branch     CVE IDs Addressed
R535                    CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
R470                    CVE-2024-0074, CVE-2024-0078, CVE-2022-42265

Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-open-gpu-kernel-modules
Source-Version: 550.54.15-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-open-gpu-kernel-modules package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 29 Apr 2025 13:25:37 +0200
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 550.54.15-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1064991
Changes:
 nvidia-open-gpu-kernel-modules (550.54.15-1) experimental; urgency=medium
 .
   * New upstream Tesla branch release 550.54.15 (2024-03-18).
   * New upstream production and Tesla branch release 550.54.14 (2024-02-23).
     * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265.  (Closes: #1064991)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
Checksums-Sha1:
 75f39933a1a7dd4c19a5f0ec0753c06f9d2dd561 2674 
nvidia-open-gpu-kernel-modules_550.54.15-1.dsc
 d3830032b984773c1263cedbb23ff3d892ed89ca 13434600 
nvidia-open-gpu-kernel-modules_550.54.15.orig.tar.xz
 e8c088d6ae2510efb65ce1c136ab8f499515d563 39748 
nvidia-open-gpu-kernel-modules_550.54.15-1.debian.tar.xz
 61cc2911d4ae5a67801fbb9d0880c7c38af3656e 5532 
nvidia-open-gpu-kernel-modules_550.54.15-1_source.buildinfo
Checksums-Sha256:
 1d0eaaa1034021f9f75ee40b6630a6e7064d9f153c4c1f84ec4432486f595882 2674 
nvidia-open-gpu-kernel-modules_550.54.15-1.dsc
 e447f3692ca0092c842e7fd0a46428e2f47032a0bc32a7ea0efb2a2df5153bf0 13434600 
nvidia-open-gpu-kernel-modules_550.54.15.orig.tar.xz
 5ac5bcba84066cba26ebd8af4840324445478f346605f3aae93d8a315bf14d58 39748 
nvidia-open-gpu-kernel-modules_550.54.15-1.debian.tar.xz
 2c6e2c8232d5b4ea7cdc7140e8f4570217dbe57cba21e30816a60c864f9d7f75 5532 
nvidia-open-gpu-kernel-modules_550.54.15-1_source.buildinfo
Files:
 263aa2fed414a5705b1dab4af400ec7a 2674 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_550.54.15-1.dsc
 78a26bcd4efddfd9b6f4676a5244ef49 13434600 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_550.54.15.orig.tar.xz
 44a8a936f3c249721ee884c30b772f3c 39748 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_550.54.15-1.debian.tar.xz
 3766b57ef7205fd907fc964f64950d6a 5532 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_550.54.15-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmgQuFwQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCPjeD/4//NW2lO7jZ+32WyuDYFgTLCJDqfxTsXY5
JIGAhnkqOHJhzJ0lB40XX7VPXH1fsl8Fhrv3ZMeWPKhEg8oeXKEUPuYaDXaleXGD
OPTQZUSwVPGHubT+sinzQsHJ1W0WToPr/bBMbm31qvNaxYHz6XYxZcgX63qeT0iP
2Y75hV6Lixij9oLV5IbPracZr/RE6gzZoC/of86SAQlzKIPFpNUF5SLUjeaKMcPF
wdHPFUmq6Pqq9x2WKCqonaXzLUJlFffI5WBXfEFWdi52g2WCtNiU1mGPpJzgImbm
gE1rnohhe14lIWqPpVihiJ6emSPO6KiO+/rODuvhOyCTghauUFlEG/DClmdUrcru
ixpiOzPyrEawq8SivNtBThNpvIbhYiHrjWpEK5EU032A/QNElKDfB4TEnRCO29PA
Zx85XZw2NCFcdMNEyrbSO67IUW6fRKaNAmKeIAJoWiGz4s2/PcTDxYJLpusp19Li
u9sQrttuwt9V/XhirObWqSYt0guXZ/uY3hetdTTVXuoWcAprQIN1+V2UeaEbRHLW
+ul73Z+KVzFaZ2zqmwrXNOKvXdRbsVVvjxXRrlY8bw9vV3MVte+3yYhJFMqrZKub
2jhSswJHCUpFf/+jD1eS5WtPNQY4q7EhiSYaeqBBxQadgDqhgHBzytOHaqqGtTTU
81l+vJh/NA==
=/oFE
-----END PGP SIGNATURE-----

pgpPdzppPbKKg.pgp
Description: PGP signature

--- End Message ---

Bug#1064991: marked as done (nvidia-open-gpu-kernel-modules: CVE-2024-0074, CVE-2024-0075, CVE-2024-0078)

Reply via email to