Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516

Related Vulnerabilities: CVE-2023-25515   CVE-2023-25516  

Source

Debian Bug report logs - #1039678
nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516

version graph

Package: src:nvidia-graphics-drivers; Maintainer for src:nvidia-graphics-drivers is Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>;

Reported by: Andreas Beckmann <anbe@debian.org>

Date: Wed, 28 Jun 2023 07:15:09 UTC

Severity: serious

Tags: security, upstream

Found in versions nvidia-graphics-drivers/530.30.02-1, nvidia-graphics-drivers/465.24.02-1, nvidia-graphics-drivers/455.23.04-1, nvidia-graphics-drivers/495.44-1, nvidia-graphics-drivers/525.53-1, nvidia-graphics-drivers/396.18-1, nvidia-graphics-drivers/520.56.06-1, nvidia-graphics-drivers/515.48.07-1, nvidia-graphics-drivers/343.22-1, nvidia-graphics-drivers/430.14-1, nvidia-graphics-drivers/340.24-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>:
Bug#1039678; Package src:nvidia-graphics-drivers. (Wed, 28 Jun 2023 07:15:10 GMT) (full text, mbox, link).

Acknowledgement sent to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>. (Wed, 28 Jun 2023 07:15:10 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516
Date: Wed, 28 Jun 2023 09:14:52 +0200
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-25515, CVE-2023-25516
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-25515, CVE-2023-25516
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-25515, CVE-2023-25516
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-25515, CVE-2023-25516
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-25515, CVE-2023-25516
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-25515, CVE-2023-25516
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2023-25515, CVE-2023-25516
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2023-25515, CVE-2023-25516
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5468

CVE-2023-25515 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where unexpected untrusted data is parsed, which may
lead to code execution, denial of service, escalation of privileges,
data tampering, or information disclosure.

CVE-2023-25516 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged user can
cause an integer overflow, which may lead to information disclosure and
denial of service.

Linux Driver Branch 	CVE IDs Addressed
R535, R525, R470, R450 	CVE-2023-25515, CVE-2023-25516

Driver Branch 	Affected Driver Versions 			Updated Driver Version
R535 		All driver versions prior to 535.54.03 		535.54.03
R525 		All driver versions prior to 525.125.06 	525.125.06
R470 		All driver versions prior to 470.199.02 	470.199.02
R450 		All driver versions prior to 450.248.02 	450.248.02

Andreas

Bug 1039678 cloned as bugs 1039679, 1039680, 1039681, 1039682, 1039683, 1039684, 1039685, 1039686 Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:11 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/340.24-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:28 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/343.22-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:29 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/396.18-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:29 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/430.14-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:30 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/455.23.04-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:30 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/465.24.02-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:31 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/495.44-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:31 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/515.48.07-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:32 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/520.56.06-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:32 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/525.53-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:33 GMT) (full text, mbox, link).

Marked as found in versions nvidia-graphics-drivers/530.30.02-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Wed, 28 Jun 2023 07:15:33 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 28 18:40:22 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started