Bug#1011146: marked as done (nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192)

Mon, 23 May 2022 20:27:26 -0700 

Your message dated Tue, 24 May 2022 03:25:52 +0000
with message-id <e1ntlba-000c71...@fasolo.debian.org>
and subject line Bug#1011146: fixed in nvidia-graphics-drivers-tesla-470 
470.129.06-1
has caused the Debian Bug report #1011146,
regarding nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, 
CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011146
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, 
CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, 
CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch   CVE IDs Addressed
R510 and R470   CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, 
CVE-2022-28191, CVE-2022-28192
R450            CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390            CVE-2022-28181, CVE-2022-28185

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-tesla-470
Source-Version: 470.129.06-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla-470, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-tesla-470 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 May 2022 04:51:58 +0200
Source: nvidia-graphics-drivers-tesla-470
Architecture: source
Version: 470.129.06-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1011146
Changes:
 nvidia-graphics-drivers-tesla-470 (470.129.06-1) unstable; urgency=medium
 .
   * New upstream production branch release 470.129.06 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
       CVE-2022-28191, CVE-2022-28192.  (Closes: #1011146)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Added support for the following GPUs: GeForce RTX 3050,
       GeForce RTX 3070 Ti Laptop GPU, GeForce RTX 3080 Ti Laptop GPU,
       GeForce RTX 3090 Ti, RTX A500 Laptop GPU, RTX A1000 Embedded GPU,
       RTX A2000 Embedded GPU, RTX A1000 Laptop GPU, RTX A2000 8GB Laptop GPU,
       RTX A3000 12GB Laptop GPU, RTX A4500 Embedded GPU, RTX A4500 Laptop GPU,
       RTX A5500 Laptop GPU, T550 Laptop GPU.
     - Fixed an issue where NvFBC was requesting Vulkan 1.0 while using
       Vulkan 1.1 core features. This caused NvFBC to fail to initialize with
       Vulkan loader versions 1.3.204 or newer.
Checksums-Sha1:
 ae9d09a677868a250fe1bf4cc6cfd633b0d6a0b8 7572 
nvidia-graphics-drivers-tesla-470_470.129.06-1.dsc
 bd7d89d295ac87193174965e4423e0b259ebf9f0 272134332 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-amd64.tar.gz
 ad0bb70a8e34a7231258edf91637a9474638be01 183675424 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-arm64.tar.gz
 ffadcd81a6d9aa0336f4d0dae8ee31ca7609bdf8 67457113 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-ppc64el.tar.gz
 659a39ae6d7f0eb2f48d74812878bbba20f06f5d 141 
nvidia-graphics-drivers-tesla-470_470.129.06.orig.tar.gz
 0a5ecdcb9210153c9ac0244b56332c0b1d0c09bb 211316 
nvidia-graphics-drivers-tesla-470_470.129.06-1.debian.tar.xz
 b10d136817101570f5d8814f3ebe5e1cee3d4b5a 7918 
nvidia-graphics-drivers-tesla-470_470.129.06-1_source.buildinfo
Checksums-Sha256:
 118bc638e2cc2eeae1b4416935867cb6f882bcb21bf4e46ebbff1e84503f114b 7572 
nvidia-graphics-drivers-tesla-470_470.129.06-1.dsc
 e58ccc640c22bd6d1afdec5fc8582192dade8a399a5709a568a811309ef94a09 272134332 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-amd64.tar.gz
 109c882a6b57a32908c5b0e2e8a65564abc4752be8248cb1928e1b077c9cee25 183675424 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-arm64.tar.gz
 7ea4447d51c58c706e10cf3d769d205e0c6613f7f1848c1f50ea457460358896 67457113 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-ppc64el.tar.gz
 9b8109cb50748648e81a9ffdc6e0aa94fd86a3d469b920a9ebf38b409804794e 141 
nvidia-graphics-drivers-tesla-470_470.129.06.orig.tar.gz
 91d4280a647d6dfbc295d5edf14ee9fb3e4b1470f9e2b364efe158d00d76da01 211316 
nvidia-graphics-drivers-tesla-470_470.129.06-1.debian.tar.xz
 e23f18ef0b7f8ecfb878f9db67179266621283604bbbe7122de6beeb86a8e3da 7918 
nvidia-graphics-drivers-tesla-470_470.129.06-1_source.buildinfo
Files:
 24a7c6fdefd2733dada6b106d314b6e9 7572 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06-1.dsc
 a5bb28a80e1385429c1f49a7a43bf67c 272134332 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-amd64.tar.gz
 c63327c7da3d63272e0a4572ef7bccf7 183675424 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-arm64.tar.gz
 6f91cf9b1e3a7af1b9ebcf681c553a5a 67457113 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06.orig-ppc64el.tar.gz
 4c6d5ee992dae3231da5d24f2a2c4915 141 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06.orig.tar.gz
 5f7ecb4ccdfe5d01f7a4238e21893266 211316 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06-1.debian.tar.xz
 13f26e3c159bfc551e0a224509e4d2c3 7918 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmKMSUYQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCAZbEACgyqTZsqVa/Ie2PDuXXjKTSaH7I4GGUfy9
sCXGP6IxyFjha0z5TmNnDyLfttX+fonwuns0BgBSTKtxB51yzyxops6UPxFiswGu
GDRcgIoyjQQjrbLRwrYolkL3eHEdvl+WGZQhuFPp5WaIKPXteq0KU6XQzhy2zg01
X0kBMzkFnO3Wc3BxiXT7DMDIwkxehuBv6okKcU1L3MSgBWGb9wP4OkbHb8xmlYPz
D0hPayDxz2JWj3Sz3kykEzXKfnVjpT13mHGKYKDk523Fk08z7ShrWfZWCi7Y4j/T
nSfOXAUYDwSwDyWONKNmj2vgxPnQBLxSTPMwpWXaYgdEzjOugbCA6aCJJoUjkhmW
iOCeYR79o5vBDcQ6YH1nbXNUpetQtiJNFGHKzs9l8T3euYZl4Z2/KIvxS+gRwl3c
pwf+SHHalCE4jT/3HPq/MMAQmxH/UYmKJJCrXhiEFPfUhWsVPhLBXudAtuFxbiFO
lGIRVtCe5KSnJFkHrOh2HBP5FdHIECOvhNWSlIkzcuqs0TYe1jqbFlvnBsZbCCK7
Vnwg5HK6NYOvX0RNgHn6ipicpH2ew7WOggAhTWJho1GdCaQy8TcUJzG5DW0Dh3Cp
23MMDdnR5R5r48TJTAzCGjJNiV0oGg87g0vLzscclqDr03iRkhJw+wbNBc4pt0NQ
zhDV1yb2RQ==
=hd48
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to