Your message dated Tue, 24 May 2022 01:19:22 +0000 with message-id <e1ntjck-0000hm...@fasolo.debian.org> and subject line Bug#1011140: fixed in nvidia-graphics-drivers 470.129.06-1 has caused the Debian Bug report #1011140, regarding nvidia-graphics-drivers: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1011140: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011140 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Severity: serious Tags: security upstream Control: clone -1 -2 -3 -4 -5 -6 -7 -8 Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6 Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, CVE-2022-28185 Control: tag -2 + wontfix Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4 Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185 Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1 Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, CVE-2022-28185, CVE-2022-28192 Control: tag -4 + wontfix Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1 Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, CVE-2022-28185, CVE-2022-28192 Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1 Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 Control: tag -6 + wontfix Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1 Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1 Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 Control: found -1 340.24-1 Control: found -1 343.22-1 Control: found -1 396.18-1 Control: found -1 430.14-1 Control: found -1 455.23.04-1 Control: found -1 465.24.02-1 Control: found -1 495.44-1 https://nvidia.custhelp.com/app/answers/detail/a_id/5353 CVE-2022-28181 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. CVE-2022-28183 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. CVE-2022-28184 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. CVE-2022-28191 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service. CVE-2022-28192 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges. Driver Branch CVE IDs Addressed R510 and R470 CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 R450 CVE-2022-28181, CVE-2022-28185, CVE-2022-28192 R390 CVE-2022-28181, CVE-2022-28185 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers Source-Version: 470.129.06-1 Done: Andreas Beckmann <a...@debian.org> We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1011...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 24 May 2022 02:51:40 +0200 Source: nvidia-graphics-drivers Architecture: source Version: 470.129.06-1 Distribution: unstable Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Closes: 939067 939447 1011140 1011183 1011245 Changes: nvidia-graphics-drivers (470.129.06-1) unstable; urgency=medium . * New upstream production branch release 470.129.06 (2022-05-16). * Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192. (Closes: #1011140) https://nvidia.custhelp.com/app/answers/detail/a_id/5353 - Added support for the following GPUs: GeForce RTX 3050, GeForce RTX 3070 Ti Laptop GPU, GeForce RTX 3080 Ti Laptop GPU, GeForce RTX 3090 Ti, RTX A500 Laptop GPU, RTX A1000 Embedded GPU, RTX A2000 Embedded GPU, RTX A1000 Laptop GPU, RTX A2000 8GB Laptop GPU, RTX A3000 12GB Laptop GPU, RTX A4500 Embedded GPU, RTX A4500 Laptop GPU, RTX A5500 Laptop GPU, T550 Laptop GPU. (Closes: #1011183) - Fixed an issue where NvFBC was requesting Vulkan 1.0 while using Vulkan 1.1 core features. This caused NvFBC to fail to initialize with Vulkan loader versions 1.3.204 or newer. . [ Andreas Beckmann ] * Refresh patches. * Update nv-readme.ids. * Import missing legacy IDs from the 510.* README.txt. The Kepler notebook GPUs seem still supported by the 470.* driver. (Closes: #1011245, #939447, #939067) * Bump Standards-Version to 4.6.1. No changes needed. Checksums-Sha1: d00d4aaf37dd2deef287d327d2aa530d5b4b30ba 6775 nvidia-graphics-drivers_470.129.06-1.dsc bd7d89d295ac87193174965e4423e0b259ebf9f0 272134332 nvidia-graphics-drivers_470.129.06.orig-amd64.tar.gz ad0bb70a8e34a7231258edf91637a9474638be01 183675424 nvidia-graphics-drivers_470.129.06.orig-arm64.tar.gz 659a39ae6d7f0eb2f48d74812878bbba20f06f5d 141 nvidia-graphics-drivers_470.129.06.orig.tar.gz e4749e91f92bad47aeeb5873410ff163629db923 210244 nvidia-graphics-drivers_470.129.06-1.debian.tar.xz c96af2a9bd0845030503acdca9004c3ba73daf23 7868 nvidia-graphics-drivers_470.129.06-1_source.buildinfo Checksums-Sha256: ab058c0bfd319c6e773645dcac98abe3f30519a542e7b3303a93f6d8088158bc 6775 nvidia-graphics-drivers_470.129.06-1.dsc e58ccc640c22bd6d1afdec5fc8582192dade8a399a5709a568a811309ef94a09 272134332 nvidia-graphics-drivers_470.129.06.orig-amd64.tar.gz 109c882a6b57a32908c5b0e2e8a65564abc4752be8248cb1928e1b077c9cee25 183675424 nvidia-graphics-drivers_470.129.06.orig-arm64.tar.gz 9b8109cb50748648e81a9ffdc6e0aa94fd86a3d469b920a9ebf38b409804794e 141 nvidia-graphics-drivers_470.129.06.orig.tar.gz 4359f21737184e3bedb0323bfb61460d24c26e5d8f10f040ce2e0ffa39593cb1 210244 nvidia-graphics-drivers_470.129.06-1.debian.tar.xz a36343ba6a1fdd3d50a2453398da3074f8347b4bcfc2932cdaca3dc649d39f83 7868 nvidia-graphics-drivers_470.129.06-1_source.buildinfo Files: 672622340829e6c84b29b2af692005be 6775 non-free/libs optional nvidia-graphics-drivers_470.129.06-1.dsc a5bb28a80e1385429c1f49a7a43bf67c 272134332 non-free/libs optional nvidia-graphics-drivers_470.129.06.orig-amd64.tar.gz c63327c7da3d63272e0a4572ef7bccf7 183675424 non-free/libs optional nvidia-graphics-drivers_470.129.06.orig-arm64.tar.gz 4c6d5ee992dae3231da5d24f2a2c4915 141 non-free/libs optional nvidia-graphics-drivers_470.129.06.orig.tar.gz 6d8cef2ce0238c6f45300ea9ba09b43b 210244 non-free/libs optional nvidia-graphics-drivers_470.129.06-1.debian.tar.xz 326af1c970536a476fb0fbcf93b05752 7868 non-free/libs optional nvidia-graphics-drivers_470.129.06-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmKMLLAQHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCCmYD/9Q2JWHyMdyZHI9imis73JUSjE/49il/4lq nfa5SLOFEy4N6lViAA9nW2LnX/eGzHSfMarsGJhXRIE7zAUSfh74dMdj33PyNaCF R7q//yyRxHdAQXwWhjOiwgeOloHym2oG3vp+350rP2YzKqbG1MDStmxx8ZplYFJf FJ0bQsBnWFiiknTN/85fTmQvL4X8dHaakZDoOMtIncD0bw+BhPKSi/uvhiNtgT1J OjWH/7lCPzuB0nqNbAOIiJ4iatWTetjI3xYEdb/N0ybQ758GWF39PdkCWSOLklUB pWO10yyECWbjXgxb0p3DauT0QB6MQ3dBEf8Ju9wmgxKOo1B2jNH4PVY20fnaka8Z iIgeShnMy65m18W6Q1koolMWditqSYPQP9mv65hVudv0AexsmLBsDqYHxNWLyWvK +PT+6CkN5eLrxQhOmgNMPH9lG8ENzZt5mxm7EcibDsvp+/6M638H+kKrJVuBQ5P2 Ach8iFyflaZ6re9NNuJZ/TGiWs7xk0IjeJYxvhX0oynhGffmdPwuoT+sv6OOGuqh JWdKi4XFbte3o9ufak/xkDTDqxYHp0hjpAogqWh0CdLe365lxfhQTy5sfUzAqfZq nfLxE+P4YkXfdzrXk/wKI9WZRUi7Zzy98VuoUnrz23yCh3IM6GVsUDEksktbcO6P OBGneboTcg== =PGi5 -----END PGP SIGNATURE-----
--- End Message ---
