Debian Bug report logs -
#1064983
nvidia-graphics-drivers: CVE-2024-0074, CVE-2024-0075, CVE-2022-42265, CVE-2024-0078
Reported by: Andreas Beckmann <anbe@debian.org>
Date: Wed, 28 Feb 2024 19:09:01 UTC
Severity: serious
Tags: security, upstream
Found in versions nvidia-graphics-drivers/515.48.07-1, nvidia-graphics-drivers/495.44-1, nvidia-graphics-drivers/465.24.02-1, nvidia-graphics-drivers/545.23.06-1, nvidia-graphics-drivers/530.30.02-1, nvidia-graphics-drivers/550.40.07-1, nvidia-graphics-drivers/520.56.06-1, nvidia-graphics-drivers/535.43.02-1, nvidia-graphics-drivers/430.14-1, nvidia-graphics-drivers/455.23.04-1, nvidia-graphics-drivers/343.22-1, nvidia-graphics-drivers/525.53-1, nvidia-graphics-drivers/396.18-1, nvidia-graphics-drivers/340.24-1
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>:
Bug#1064983; Package src:nvidia-graphics-drivers.
(Wed, 28 Feb 2024 19:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>.
(Wed, 28 Feb 2024 19:09:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0074, CVE-2022-42265, CVE-2024-0078
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: fixed -7 470.239.06-1
https://nvidia.custhelp.com/app/answers/detail/a_id/5520
CVE-2024-0074 NVIDIA GPU Display Driver for Linux contains a
vulnerability where an attacker may access a memory location after the
end of the buffer. A successful exploit of this vulnerability may lead
to denial of service and data tampering.
CVE-2024-0075 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where a user may cause a NULL-pointer dereference by
accessing passed parameters the validity of which has not been checked.
A successful exploit of this vulnerability may lead to denial of service
and limited information disclosure.
CVE-2024-0078 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where a user in a guest can
cause a NULL-pointer dereference in the host, which may lead to denial
of service.
CVE-2022-42265 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause integer overflow, which may lead to denial of
service, information disclosure, and data tampering.
Linux Driver Branch CVE IDs Addressed
R550, R545, R535 CVE-2024-0074, CVE-2024-0075
R470 CVE-2024-0074, CVE-2022-42265
Driver Branch Affected Driver Versions Updated Driver Version
R550 All driver versions prior to 550.54.14 550.54.14
R535 All driver versions prior to 535.161.07 535.161.07
R470 All driver versions prior to 470.239.06 470.239.06
R470 All driver versions prior to 470.223.02 470.223.02
Security Updates for NVIDIA vGPU Software
Security Updates for NVIDIA Cloud Gaming
Linux Driver Branch CVE IDs Addressed
R535 CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
R470 CVE-2024-0074, CVE-2024-0078, CVE-2022-42265
Andreas
Bug 1064983 cloned as bugs 1064984, 1064985, 1064986, 1064987, 1064988, 1064989, 1064990, 1064991
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:04 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/340.24-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:25 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/343.22-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:25 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/396.18-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:26 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/430.14-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:26 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/455.23.04-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:27 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/465.24.02-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:27 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/495.44-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:28 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/515.48.07-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:28 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/520.56.06-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:29 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/525.53-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:29 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/530.30.02-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:30 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/535.43.02-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:30 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/545.23.06-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:31 GMT) (full text, mbox, link).
Marked as found in versions nvidia-graphics-drivers/550.40.07-1.
Request was from Andreas Beckmann <anbe@debian.org>
to submit@bugs.debian.org.
(Wed, 28 Feb 2024 19:09:31 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Feb 29 18:17:30 2024;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon