Bug#1011142: marked as done (nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185)

Thu, 19 May 2022 03:39:20 -0700 

Your message dated Thu, 19 May 2022 10:36:14 +0000
with message-id <e1nrdvu-0003wr...@fasolo.debian.org>
and subject line Bug#1011142: fixed in nvidia-graphics-drivers-legacy-390xx 
390.151-1
has caused the Debian Bug report #1011142,
regarding nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, 
CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, 
CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch   CVE IDs Addressed
R510 and R470   CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, 
CVE-2022-28191, CVE-2022-28192
R450            CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390            CVE-2022-28181, CVE-2022-28185

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-legacy-390xx
Source-Version: 390.151-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-legacy-390xx, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-legacy-390xx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 May 2022 12:07:44 +0200
Source: nvidia-graphics-drivers-legacy-390xx
Architecture: source
Version: 390.151-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1004849 1010230 1011142
Changes:
 nvidia-graphics-drivers-legacy-390xx (390.151-1) unstable; urgency=medium
 .
   * New upstream legacy branch release 390.151 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28185.  (Closes: #1011142, #1004849)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Fixed a bug which prevented kernel modules linked from precompiled
       kernel interface object files from being loaded on recent Linux
       kernels. This affected custom packages which were prepared with
       nvidia-installer's --add-this-kernel option, for example.
     - Fixed a driver installation failure on Linux kernel 5.17 release
       candidates, where the NVIDIA kernel module failed to build with error
       "implicit declaration of function 'PDE'".
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Work around architecture misdetection when building the kernel modules in
     an armhf environment on an arm64 host.  (Closes: #1010230)
   * Bump Standards-Version to 4.6.1. No changes needed.
Checksums-Sha1:
 00730656c8e31afbba6f6150d2ed63d285f73463 7630 
nvidia-graphics-drivers-legacy-390xx_390.151-1.dsc
 5dfd3ce25e0d65132d88101b7d2969580c92f1c5 85992146 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-amd64.tar.gz
 5c1b279662b2d11d54b8bb56097963e4e80636bf 30012714 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-armhf.tar.gz
 2b0cd08db5b72a7fe51f20e14010c612aecc096b 50721019 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-i386.tar.gz
 567d1efc90f8b6b0eef5469d9caf786ceec2f9b0 139 
nvidia-graphics-drivers-legacy-390xx_390.151.orig.tar.gz
 b20ad384497f6b1d48f55d14ac060e9c767c6938 178832 
nvidia-graphics-drivers-legacy-390xx_390.151-1.debian.tar.xz
 7c2907ad2a2a347f686f3476c4d2babd53920999 7864 
nvidia-graphics-drivers-legacy-390xx_390.151-1_source.buildinfo
Checksums-Sha256:
 a19daf6fa612111ec19f7d7a2a43303c78f33af7902d2a4553ee4e70039f26f3 7630 
nvidia-graphics-drivers-legacy-390xx_390.151-1.dsc
 fad1c613b79743c56c49558f0232a9ff5a4fd3d8ce8650f7d47a98ec3e085388 85992146 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-amd64.tar.gz
 5f72c63b8f86652cc0d14310717bcd1483a95f3a15d7ebcacba826555f46462c 30012714 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-armhf.tar.gz
 b1185b0ec9b3616c3aa26aa7a5d23f365fa970cc873c091fdb24a0098bf422e3 50721019 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-i386.tar.gz
 92b059d69e5c54194808d967e45b48ea77d7054b95bfb26fcac89be27a76acc8 139 
nvidia-graphics-drivers-legacy-390xx_390.151.orig.tar.gz
 fcb7962df38efff55b969fa380a87f081125797ca0d5ecbd465d6b4781a1892f 178832 
nvidia-graphics-drivers-legacy-390xx_390.151-1.debian.tar.xz
 2621da212e13209d4083052147529c78ee9850d3a6b8ac1aa48dc969672ee372 7864 
nvidia-graphics-drivers-legacy-390xx_390.151-1_source.buildinfo
Files:
 f74524069ce895af24252bce2c641151 7630 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1.dsc
 c57713980e8c8e620460fc5d60f5c7af 85992146 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-amd64.tar.gz
 a83ee8d755c2aef706eb8cc5f6e6c8af 30012714 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-armhf.tar.gz
 8dbecc46d84124e28ebd5ce7320c46b8 50721019 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151.orig-i386.tar.gz
 14db86547dc0299daed5acababf472a6 139 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151.orig.tar.gz
 09abfe5d3751b94677e562185f2032fe 178832 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1.debian.tar.xz
 cfe8ceb6c811e5d6b906dd1e734fc90c 7864 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmKGF7oQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCGGzD/9cxBZ14+smOQ0kEJDveOSKDWC1+sDtFo8j
iVcpRAt5LtLk9yT1wav/DGRKM1SWMU1OAxMiuqoLHhdECuMJTKskQgAtfqcx5mOs
Kkgds0Msi3H2+PbBgS0+iDvxB20C5HrMfCI61yK1wSHGiz38GjBmwvG+NxCnn/cC
9OPTHAR03sNAxaWGXiq54yAcPkHfsNNGd6FJBqzSfY3P2D6qv+yKsvFQivKJ4B7U
2Kp0AFzZNmlf9EJUqS/3Wlb2jV8vehxBvbQDvfOTqL1sLilsFFJJR9iYC8wK2JRS
W85HzAI6gg8iyUBqmUZxQsAKuslVEgMgyatSefaKpvw8n5/x9zT63vjiKWuieSoP
M4NjVR3etr6V2pgKZ9lJj86wRTlxa0vR20P+xNY4oHaWwCgI9uTWXEPs6BTM/Yy5
M8sYB6muFufN5/dxIuj2aJg/MkYRCUp1hdb8Dmt5CljO0kq+k2ouGpYjnU7Pjp86
Scy5/wFcDM4xe5iaOygf6JCExyPg5PCBUOSX8VK5NIbVE7GzvI+oiqW8vz+jtF3Z
KOGJm2XSnm0ls4w1kXN2v4lGAVvRsQl7NGtUHOgJBnnWyQJ3v9Z9d/EPV1EXa7dO
2Wluq0nUVbHoam7viwgROppqLXkWsXuQw0/WC/Z5lqHQJ2H4RF8BrcLJUP687RHA
hpjRbrv1GA==
=dUkm
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to