Debian Bug report logs -
#1016614
nvidia-graphics-drivers: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Reported by: Andreas Beckmann <anbe@debian.org>
Date: Thu, 4 Aug 2022 01:51:02 UTC
Severity: serious
Tags: security, upstream
Found in versions nvidia-graphics-drivers/340.24-1, nvidia-graphics-drivers/396.18-1, nvidia-graphics-drivers/430.14-1, nvidia-graphics-drivers/465.24.02-1, nvidia-graphics-drivers/495.44-1, nvidia-graphics-drivers/455.23.04-1, nvidia-graphics-drivers/343.22-1
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>:
Bug#1016614; Package src:nvidia-graphics-drivers.
(Thu, 04 Aug 2022 01:51:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>.
(Thu, 04 Aug 2022 01:51:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
https://nvidia.custhelp.com/app/answers/detail/a_id/5383
CVE-2022-31607 NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where a local user
with basic capabilities can cause improper input validation, which may
lead to denial of service, escalation of privileges, data tampering, and
limited information disclosure.
CVE-2022-31608 NVIDIA GPU Display Driver for Linux contains a
vulnerability in an optional D-Bus configuration file, where a local
user with basic capabilities can impact protected D-Bus endpoints, which
may lead to code execution, denial of service, escalation of privileges,
information disclosure, and data tampering.
CVE-2022-31615 NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where a local user with basic
capabilities can cause a null-pointer dereference, which may lead to
denial of service.
Linux Driver Branch CVE IDs Addressed
R515, R510, R470, R450, R390 CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Andreas
Marked as found in versions nvidia-graphics-drivers/340.24-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Thu, 04 Aug 2022 01:51:17 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/343.22-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Thu, 04 Aug 2022 01:51:18 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/396.18-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Thu, 04 Aug 2022 01:51:18 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/430.14-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Thu, 04 Aug 2022 01:51:19 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/455.23.04-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Thu, 04 Aug 2022 01:51:19 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/465.24.02-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Thu, 04 Aug 2022 01:51:20 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/495.44-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Thu, 04 Aug 2022 01:51:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Aug 4 13:17:44 2022;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon