Bug#1011146: marked as done (nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192)

Sun, 03 Jul 2022 09:06:18 -0700 

Your message dated Sun, 03 Jul 2022 16:03:07 +0000
with message-id <e1o823v-0005sp...@fasolo.debian.org>
and subject line Bug#1011146: fixed in nvidia-graphics-drivers-tesla-470 
470.129.06-6~deb11u1
has caused the Debian Bug report #1011146,
regarding nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, 
CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011146
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, 
CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, 
CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch   CVE IDs Addressed
R510 and R470   CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, 
CVE-2022-28191, CVE-2022-28192
R450            CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390            CVE-2022-28181, CVE-2022-28185

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-tesla-470
Source-Version: 470.129.06-6~deb11u1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla-470, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-tesla-470 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 03 Jul 2022 14:01:32 +0200
Source: nvidia-graphics-drivers-tesla-470
Architecture: source
Version: 470.129.06-6~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 939067 939447 1011140 1011146 1011183 1011245 1011527
Changes:
 nvidia-graphics-drivers-tesla-470 (470.129.06-6~deb11u1) bullseye; 
urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.129.06-6) unstable; urgency=medium
 .
   * Rebuild as Tesla 470 driver.
   * Build nvidia-cuda-mps from the Tesla driver.
 .
 nvidia-graphics-drivers (470.129.06-6~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers (470.129.06-6) unstable; urgency=medium
 .
   * Minor packaging sync and cleanup.
   * Disable building nvidia-cuda-mps, will be built from
     src:nvidia-graphics-drivers-tesla-${latest}.
 .
 nvidia-graphics-drivers-tesla-470 (470.129.06-5) unstable; urgency=medium
 .
   * Rebuild as Tesla 470 driver.
   * Temporarily disable autopkgtest on ppc64el.  (Cf. #1012245)
 .
 nvidia-graphics-drivers (470.129.06-5) unstable; urgency=medium
 .
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-tesla-470 (470.129.06-4) unstable; urgency=medium
 .
   * Rebuild as Tesla 470 driver.
 .
 nvidia-graphics-drivers (470.129.06-4) unstable; urgency=medium
 .
   * Use different virtual packages for firmware file Conflicts and Depends.
 .
 nvidia-graphics-drivers-tesla-470 (470.129.06-3) unstable; urgency=medium
 .
   * Rebuild as Tesla 470 driver.
 .
 nvidia-graphics-drivers (470.129.06-3) unstable; urgency=medium
 .
   * Do not create backups when patching README.txt.
 .
 nvidia-graphics-drivers-tesla-470 (470.129.06-2) unstable; urgency=medium
 .
   * Rebuild as Tesla 470 driver.
 .
 nvidia-graphics-drivers (470.129.06-2) unstable; urgency=medium
 .
   * Fix discrepancy between amd64 and i386 README.txt.  (Closes: #1011527)
 .
 nvidia-graphics-drivers-tesla-470 (470.129.06-1) unstable; urgency=medium
 .
   * New upstream production branch release 470.129.06 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
       CVE-2022-28191, CVE-2022-28192.  (Closes: #1011146)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Added support for the following GPUs: GeForce RTX 3050,
       GeForce RTX 3070 Ti Laptop GPU, GeForce RTX 3080 Ti Laptop GPU,
       GeForce RTX 3090 Ti, RTX A500 Laptop GPU, RTX A1000 Embedded GPU,
       RTX A2000 Embedded GPU, RTX A1000 Laptop GPU, RTX A2000 8GB Laptop GPU,
       RTX A3000 12GB Laptop GPU, RTX A4500 Embedded GPU, RTX A4500 Laptop GPU,
       RTX A5500 Laptop GPU, T550 Laptop GPU.
     - Fixed an issue where NvFBC was requesting Vulkan 1.0 while using
       Vulkan 1.1 core features. This caused NvFBC to fail to initialize with
       Vulkan loader versions 1.3.204 or newer.
 .
 nvidia-graphics-drivers (470.129.06-1) unstable; urgency=medium
 .
   * New upstream production branch release 470.129.06 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
       CVE-2022-28191, CVE-2022-28192.  (Closes: #1011140)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Added support for the following GPUs: GeForce RTX 3050,
       GeForce RTX 3070 Ti Laptop GPU, GeForce RTX 3080 Ti Laptop GPU,
       GeForce RTX 3090 Ti, RTX A500 Laptop GPU, RTX A1000 Embedded GPU,
       RTX A2000 Embedded GPU, RTX A1000 Laptop GPU, RTX A2000 8GB Laptop GPU,
       RTX A3000 12GB Laptop GPU, RTX A4500 Embedded GPU, RTX A4500 Laptop GPU,
       RTX A5500 Laptop GPU, T550 Laptop GPU.  (Closes: #1011183)
     - Fixed an issue where NvFBC was requesting Vulkan 1.0 while using
       Vulkan 1.1 core features. This caused NvFBC to fail to initialize with
       Vulkan loader versions 1.3.204 or newer.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Import missing legacy IDs from the 510.* README.txt.
     The Kepler notebook GPUs seem still supported by the 470.* driver.
     (Closes: #1011245, #939447, #939067)
   * Bump Standards-Version to 4.6.1. No changes needed.
 .
 nvidia-graphics-drivers (470.103.01-4) unstable; urgency=medium
 .
   * Update 0003-fix-conftest-includes.patch to fix kernel module build for
     ppc64el.
   * Backport mt_device_gre changes from 510.39.01 to fix kernel module build
     for arm64.
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.103.01-3~deb11u2) bullseye; urgency=medium
 .
   * Re-enable building libnvidia-nvvm4.
 .
 nvidia-graphics-drivers (470.103.01-3~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
   * Temporarily disable building libnvidia-nvvm4 to avoid NEW.
 .
 nvidia-graphics-drivers (470.103.01-3) unstable; urgency=medium
 .
   * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt
     kernels, not supported upstream (510.54-1).
   * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1).
   * nvidia-detect: Drop support for Tesla 460 drivers (EoL).
Checksums-Sha1:
 c1cdec1195cf1f38c7c41c98f44de96abe4bf1e0 7691 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1.dsc
 4404865a5f0857e3f04fe7e1d27147ea666f18b2 211780 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1.debian.tar.xz
 ba533e2b1c239ed2facdd2dfe3bf77adfb3951fd 8192 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1_source.buildinfo
Checksums-Sha256:
 ab1280949ff36709750c168e7f86a37e858d5a6493066ccc39e5a0231e210d8d 7691 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1.dsc
 37f4597ee239e2650baeaefce91c5cb5495a0ef0e6da1f74368b2610eb7710f7 211780 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1.debian.tar.xz
 ddbd4b914f4ffc794defa693beadca50a5a1c7a269cdff54ac14918627344ce9 8192 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1_source.buildinfo
Files:
 6e36a5b9b4ee700dde29490e08ba75be 7691 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1.dsc
 157d15b7d29bba5782ef326897767371 211780 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1.debian.tar.xz
 5933c3ab4c7a99d74385a7e114a2882e 8192 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.129.06-6~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmLBheYQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCJK6D/kBJIZYkU+bfjZPwgSJGHpBQl2LvISgQRrh
oBl12KU1lV6KYEHK4APy6GP2exQijojIJS+RYQMDvwaej9ZvUaPLVTYvLumMHOfT
jUxD9q/HS7Vr2AA4L9qryldthFBnqnlTZSMsBLRQ5esndG7SE0PVjeG9lMBNKAFk
eSB71WvNRMyFuNOiMpojq9Mfk5bvAgeBkdwYJEr3Q7gu+a5AjxxNVdxQESJMmNQW
9AADIMcdK5DVqcyiGGgCSh1OuB8J/cXWn3eFzUduKAt2sp/79skyhvBalGZdGZBI
89I+76jIyt2W5ckyGbFYjMbdvkOz1qdHPRa/uNzaCmGhTscPm+L92s5mBQY37MIj
RhSifgODo+mr+aPaR1tlGS0ViFpZTbUBPSZMbYP3niGlUqMjpz74dshC1d5pi+QW
9rpa0n/0ZNu63SqufvntxtPpWp8aMs2BXVxAMtcikuOEc4euFMhUi4B+W5bavqX1
M+db+aKc+gNngW+3MAXzXSbCBmbp1KBLrxtxHzOTbOO1uIAVHYoDj1B/wa5CwM8P
XCU4asVxNoXDv+Si7WQUS37FolaVq4Bf7mOpCDD5XVRdg6kx0BEqOLYAujPaU5sb
IvGkww2kX6lWEz0jHNXUEm5eIMjp2RKrhN/qQ0lflFmDutGButXZs4wHFHHMP+ZF
e/kHrIzRyg==
=xlGg
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to