Bug#1011142: marked as done (nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185)

Sun, 19 Jun 2022 10:06:24 -0700 

Your message dated Sun, 19 Jun 2022 17:02:24 +0000
with message-id <e1o2yjc-0009yg...@fasolo.debian.org>
and subject line Bug#1011142: fixed in nvidia-graphics-drivers-legacy-390xx 
390.151-1~deb10u1
has caused the Debian Bug report #1011142,
regarding nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, 
CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, 
CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch   CVE IDs Addressed
R510 and R470   CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, 
CVE-2022-28191, CVE-2022-28192
R450            CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390            CVE-2022-28181, CVE-2022-28185

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-legacy-390xx
Source-Version: 390.151-1~deb10u1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-legacy-390xx, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-legacy-390xx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 29 May 2022 01:21:46 +0200
Source: nvidia-graphics-drivers-legacy-390xx
Architecture: source
Version: 390.151-1~deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 992057 994814 996595 999670 1004849 1005804 1005909 1010230 1011142
Changes:
 nvidia-graphics-drivers-legacy-390xx (390.151-1~deb10u1) buster; urgency=medium
 .
   * Rebuild for buster.
 .
 nvidia-graphics-drivers-legacy-390xx (390.151-1~deb11u1) bullseye; 
urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-legacy-390xx (390.151-1) unstable; urgency=medium
 .
   * New upstream legacy branch release 390.151 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28185.  (Closes: #1011142, #1004849)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Fixed a bug which prevented kernel modules linked from precompiled
       kernel interface object files from being loaded on recent Linux
       kernels. This affected custom packages which were prepared with
       nvidia-installer's --add-this-kernel option, for example.
     - Fixed a driver installation failure on Linux kernel 5.17 release
       candidates, where the NVIDIA kernel module failed to build with error
       "implicit declaration of function 'PDE'".
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Work around architecture misdetection when building the kernel modules in
     an armhf environment on an arm64 host.  (Closes: #1010230)
   * Bump Standards-Version to 4.6.1. No changes needed.
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-4) unstable; urgency=medium
 .
   * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt
     kernels, not supported upstream (510.54-1).
   * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1).
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-3) unstable; urgency=medium
 .
   * Fix incomplete backport of pde_data changes from 470.103.01.
     (Closes: #1005909)
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-2) unstable; urgency=medium
 .
   * Add xorg-video-abi-25 (Xorg Xserver 21) as alternative dependency.
     (Closes: #1005804)
   * Backport pde_data changes from 470.103.01 to fix kernel module build for
     Linux 5.17.
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-1) unstable; urgency=medium
 .
   * New upstream legacy branch release 390.147 (2021-12-16).
     - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the
       nvidia_icd.json file to be installed in the wrong location.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * bug-script: Show the nvidia and glx alternatives (470.82.00-1).
   * nvidia-legacy-390xx-alternative: libnvidia-cfg.so.1 on its own is not
     sufficient to activate a nvidia alternative (470.82.00-1).
     (Closes: #996595)
   * Fix bashisms in upstream scripts (470.82.00-1).
   * libegl1-mesa is a transitional package since buster (470.82.00-1).
   * nvidia-legacy-390xx-kernel-support: Provide
     /etc/modprobe.d/nvidia-options.conf as a template taking into account the
     module renaming. This is a slave alternative of the nvidia alternative
     (470.86-1).  (Closes: #999670)
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-legacy-390xx (390.144-2) unstable; urgency=medium
 .
   * Backport drm_device_has_pdev and set_current_state changes from 470.63.01
     to fix kernel module build for Linux 5.14.  (Closes: #994814)
   * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore
     (470.57.02-3).  (Closes: #992057)
   * Bump Standards-Version to 4.6.0. No changes needed.
Checksums-Sha1:
 fb8bc2ac212121034a53cc30fe3280458e895344 7662 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1.dsc
 e95dba4d888768cb75d8962935c7a267b9f5089c 179092 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1.debian.tar.xz
 2e5b31a01cf6b3925c893c3235003c875b440f53 8158 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1_source.buildinfo
Checksums-Sha256:
 c45162577f222d84db7939f9cf534d2012c383bf778eeb1677583a894cbe575d 7662 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1.dsc
 87814dccd9132d8ea9c1033709f07e24ca8fe496ad13ee02bc2e3ad47a841e2a 179092 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1.debian.tar.xz
 1bfe1a3b6f0e676f69213d8702cab5d46bdb838dfab4d678b814a47a3a51975a 8158 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1_source.buildinfo
Files:
 a659f4566b52b0c7906850ab2663c8ce 7662 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1.dsc
 d459cb50f3dc04fb81585c930a6622eb 179092 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1.debian.tar.xz
 02fec34e42739da3c226deefaf6cb111 8158 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmKSrxwQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCHsCEACVGQrxUUgCXwFXAEssgMRog4G9G3zlSo8d
3chPpZo+WFajpsRQTNbGqy82cYsiii8aB4X1qXkiQgFY1eVSQ6qnAIpMroN5Vl8O
9BzuTGnglnje9pj42z9ArAbiKvihFaTLEPrVkYc24DueQr/M0+SNnZR7nTGc8YcC
+2RYKLQv7aIZbnqdCM+4IfFbTm9eU0k86nmIrKCaSvvuupK+D7Q9NNEAageYGbyO
Aoqd+sYv6hyucED/cWCIhRaF9DhQGyBw7Aisn3Wf5dUa/O5SzUlVSSe8HcOVUX5Y
zpx2+hE1IBXChFGvxIoC3ZdVL2PxgYykVymat4DP3ipESbgEVc6iN6gC8ulQlyVY
8YhJ0aroJ1WhNe52BmsiDl+OLMhXH6NeQl/CC4lZkOP/OvJB3LHRjwPxLY7w8My1
KJXKqgxcSt4OtDxUNktWW10KRccFj+9jjc2iEia6U6B+QhhiIdZFw2WtafZeZ1sD
rV0PwYrlbM1tQx2JyuJnVRfNQ1GUEYwj4J+1AinJ0Oe+IGhrHpkUkblnT5G4ZFYg
J5MpSlPOslgX9pddfhBh8NphgnNkUU8XY7miZRJN5UXFmOs6VC/md1VgwOZNSEqP
jw6UiU69bW6k8ynoyvb3SSKJwTu3iC5Yj8zCUCa+9ogBcZWRGWRx3Z2vd5rtmb8n
ZK4jv7w2fw==
=KD4r
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to