Bug#1072800: marked as done (nvidia-open-gpu-kernel-modules: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092)

Debian Bug Tracking System Tue, 18 Jun 2024 20:21:52 -0700

Your message dated Wed, 19 Jun 2024 03:19:45 +0000
with message-id <e1sjlrn-003brv...@fasolo.debian.org>
and subject line Bug#1072800: fixed in nvidia-open-gpu-kernel-modules 
535.183.01-1
has caused the Debian Bug report #1072800,
regarding nvidia-open-gpu-kernel-modules: CVE-2024-0090, CVE-2024-0091, 
CVE-2024-0092
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1072800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072800
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0090, 
CVE-2024-0092
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0090, 
CVE-2024-0092
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0090, 
CVE-2024-0092
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0090, 
CVE-2024-0092
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0090, 
CVE-2024-0092
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0090, 
CVE-2024-0092
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0090, CVE-2024-0092
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0090, 
CVE-2024-0091, CVE-2024-0092
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -9 555.42.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: found -1 555.42.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5551

CVE-2024-0090   NVIDIA GPU driver for Windows and Linux contains a
vulnerability where a user can cause an out-of-bounds write. A
successful exploit of this vulnerability might lead to code execution,
denial of service, escalation of privileges, information disclosure, and
data tampering.

CVE-2024-0091   NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where a user can cause an untrusted pointer dereference
by executing a driver API. A successful exploit of this vulnerability
might lead to denial of service, information disclosure, and data
tampering.

CVE-2024-0092   NVIDIA GPU Driver for Windows and Linux contains a
vulnerability where an improper check or improper handling of exception
conditions might lead to denial of service.

Linux Driver Branch     CVE IDs Addressed
R555, R550              CVE-2024-0090, CVE-2024-0091, CVE-2024-0092
R535, R470              CVE-2024-0090, CVE-2024-0092

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R555            All driver versions prior to 555.52.04          555.52.04
R550            All driver versions prior to 550.90.07          550.90.07
R535            All driver versions prior to 535.183.01         535.183.01
R470            All driver versions prior to 470.256.02         470.256.02


Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-open-gpu-kernel-modules
Source-Version: 535.183.01-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-open-gpu-kernel-modules package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 19 Jun 2024 04:56:43 +0200
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 535.183.01-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1072800
Changes:
 nvidia-open-gpu-kernel-modules (535.183.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072800)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
   * New upstream long term support branch release 535.179 (2024-05-09).
   * New upstream long term support branch release 535.171.04 (2024-03-21).
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
Checksums-Sha1:
 d3dfcc1919293c5b63b93318253b6c0ea71689ac 2729 
nvidia-open-gpu-kernel-modules_535.183.01-1.dsc
 2b0fd395aa840f771eb568a04112107d56fa1c1a 12521824 
nvidia-open-gpu-kernel-modules_535.183.01.orig.tar.xz
 7b6e3ea713cbefa719466f3bd9655ceea56f90b6 20560 
nvidia-open-gpu-kernel-modules_535.183.01-1.debian.tar.xz
 7253d347ee8139b3ad82ed9bda11b8cbefdda144 5618 
nvidia-open-gpu-kernel-modules_535.183.01-1_source.buildinfo
Checksums-Sha256:
 80180e8d013fb8d72d8c6f9feba2a0ff4a25ff88fbd794d1f7a2db538b9a3077 2729 
nvidia-open-gpu-kernel-modules_535.183.01-1.dsc
 c75c4d202a2e18a3e0705d23d7f6b6b6341f98d74aefa4977a7fcff115a74c7e 12521824 
nvidia-open-gpu-kernel-modules_535.183.01.orig.tar.xz
 fa413fe90336f6643804b0466de43dc0efafb49e4a92557f80bc03d537791d65 20560 
nvidia-open-gpu-kernel-modules_535.183.01-1.debian.tar.xz
 901fabfba9d5e66bc547ec8c73d8c2eff583d80e16c4595ea64cf79cd1e390da 5618 
nvidia-open-gpu-kernel-modules_535.183.01-1_source.buildinfo
Files:
 07af3bb4a10cb54776d5ffbcb2a0bc98 2729 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.183.01-1.dsc
 29bf5de90ce40340e7b4179a8548411b 12521824 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.183.01.orig.tar.xz
 b18763eb73c4f48a849717fd0d60918b 20560 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.183.01-1.debian.tar.xz
 54b5826fbd844d00764380415a7e137f 5618 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.183.01-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmZySjMQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCMkPEACAJ6+ff3xK8o4Ic0oo5RjgrhgfmC2uNcie
1rEICTItUKYbFe6lSw8QXjeKuwRdjVFhg5g6l26dc2afBq8PKEQgUiW5nLp0lCe4
2JbUDlMRVwHZdAPfFpldYO5IXR6UrovvDHDYxm1V3XvCHm79QKIYGb27+u7Vpr95
3HZQ93lb6nDFx4TM3gTVNs5KDXxvMU62kWoaYnrOtdt9oYRr02dduycE8L1oKgaS
uNzO7yrewzCCOZQWr/BftPsSAWOk8KJODfuIl7El7r6vsJa7EnOv5wZHc5gMnYvw
uh8ASEs+djKEfbx+wjeIWN/X2EBoeE8W/iVb0WzNP6oaILD40k9w08/Fd9xG+/ZN
7SOBKiZt1FWs3Alh8UjssBvF6pMONp5m66abmcfBIibTWAS75unpQT2YiKuGcxsO
cbsvDNR201fgEETFMzeLLJBf+IvV7N/Qx0Mi/whcuJpwNh+vK0cdgfZXqyTiTCe4
JNqKq7ellJABTkM23e2Ew/nA8LGSQDfNYjFW7FODEANTWUVq0FTWZkIpIyDHdDTG
qkGdMACbroZEeXV2foL0UfOzb4gXxy6TxBUuDM431oS65GFubfP8LHeRpzBHUFbM
zr83fvziBOy/6dPdNLsBMfTSZeW/0vOkR43hjmDYuv7hwOGiNkFmVc9r4QFIChzQ
qgG59jWDZw==
=Awag
-----END PGP SIGNATURE-----

pgpvhRdFfO_Bg.pgp
Description: PGP signature

--- End Message ---

Bug#1072800: marked as done (nvidia-open-gpu-kernel-modules: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092)

Reply via email to