Debian Bug report logs -
#1033774
nvidia-graphics-drivers: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Reported by: Andreas Beckmann <anbe@debian.org>
Date: Sat, 1 Apr 2023 08:06:01 UTC
Severity: serious
Tags: security, upstream
Found in versions nvidia-graphics-drivers/495.44-1, nvidia-graphics-drivers/396.18-1, nvidia-graphics-drivers/343.22-1, nvidia-graphics-drivers/515.48.07-1, nvidia-graphics-drivers/530.30.02-1, nvidia-graphics-drivers/455.23.04-1, nvidia-graphics-drivers/520.56.06-1, nvidia-graphics-drivers/465.24.02-1, nvidia-graphics-drivers/430.14-1, nvidia-graphics-drivers/340.24-1, nvidia-graphics-drivers/525.53-1
Fixed in version nvidia-graphics-drivers/530.41.03-1
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>:
Bug#1033774; Package src:nvidia-graphics-drivers.
(Sat, 01 Apr 2023 08:06:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>.
(Sat, 01 Apr 2023 08:06:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -8 + wontfix
Control: close -8 510.85.02-2
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: found -9 515.48.07-1
Control: found -9 525.60.13-1
Control: reassign -10 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -10 nvidia-open-gpu-kernel-modules: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: found -10 520.56.06-1
Control: found -10 525.85.12-1
Control: found -10 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: fixed -1 530.41.03-1
https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0189 NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, which may lead to code
execution, denial of service, escalation of privileges, information
disclosure, and data tampering.
CVE-2023-0184 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, which may lead to
denial of service, escalation of privileges, information disclosure, and
data tampering.
CVE-2023-0181 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in a kernel mode layer handler, where memory permissions
are not correctly checked, which may lead to denial of service and data
tampering.
CVE-2023-0191 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
access may lead to denial of service or data tampering.
CVE-2023-0183 NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer where an out-of-bounds write can
lead to denial of service and data tampering.
CVE-2023-0180 NVIDIA GPU Display Driver for Linux contains a
vulnerability in a kernel mode layer handler, which may lead to denial
of service or information disclosure.
CVE-2023-0185 NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where sign conversion issues may
lead to denial of service or information disclosure.
CVE-2023-0198 NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where improper restriction of
operations within the bounds of a memory buffer can lead to denial of
service, information disclosure, and data tampering.
CVE-2023-0187 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
read can lead to denial of service.
CVE-2023-0199 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
write can lead to denial of service and data tampering.
CVE-2023-0190 NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where a NULL pointer dereference
may lead to denial of service.
CVE-2023-0188 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an unprivileged
user can cause an out-of-bounds read, which may lead to denial of
service.
CVE-2023-0194 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer driver, where an invalid
display configuration may lead to denial of service.
CVE-2023-0195 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer driver, where an invalid
display configuration may lead to information disclosure.
Linux Driver Branch CVE IDs Addressed
R530, R525, R515 CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
CVE-2023-0183, CVE-2023-0185, CVE-2023-0187,
CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
CVE-2023-0191
R470 CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
CVE-2023-0185, CVE-2023-0187, CVE-2023-0198,
CVE-2023-0199, CVE-2023-0188, CVE-2023-0190,
CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
R450 CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
CVE-2023-0185, CVE-2023-0198, CVE-2023-0199,
CVE-2023-0188, CVE-2023-0190, CVE-2023-0194,
CVE-2023-0195, CVE-2023-0191
Driver Branch Affected Driver Versions Updated Driver Version
R530 All driver versions prior to 530.41.03 530.41.03
R525 All driver versions prior to 525.105.17 525.105.17
R515 All driver versions prior to 515.105.01 515.105.01
R470 All driver versions prior to 470.182.03 470.182.03
R450 All driver versions prior to 450.236.01 450.236.01
Andreas
Bug 1033774 cloned as bugs 1033775, 1033776, 1033777, 1033778, 1033779, 1033780, 1033781, 1033782, 1033783
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:03 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/340.24-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:25 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/343.22-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:25 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/396.18-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:26 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/430.14-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:27 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/455.23.04-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:27 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/465.24.02-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:28 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/495.44-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:28 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/515.48.07-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:29 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/520.56.06-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:29 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/525.53-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:30 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/530.30.02-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:30 GMT) (full text, mbox, link).
Marked as fixed in versions nvidia-graphics-drivers/530.41.03-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Sat, 01 Apr 2023 08:06:31 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Apr 1 13:10:16 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon