nvidia-graphics-drivers: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192

Debian Bug report logs - #1011140

Reported by: Andreas Beckmann <anbe@debian.org>

Date: Tue, 17 May 2022 13:21:02 UTC

Severity: serious

Tags: security, upstream

Found in versions nvidia-graphics-drivers/340.24-1, nvidia-graphics-drivers/465.24.02-1, nvidia-graphics-drivers/455.23.04-1, nvidia-graphics-drivers/343.22-1, nvidia-graphics-drivers/430.14-1, nvidia-graphics-drivers/396.18-1, nvidia-graphics-drivers/495.44-1



Report forwarded to debian-bugs-dist@lists.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>:
Bug#1011140; Package src:nvidia-graphics-drivers. (Tue, 17 May 2022 13:21:04 GMT)


Acknowledgement sent to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>. (Tue, 17 May 2022 13:21:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Andreas Beckmann <anbe@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nvidia-graphics-drivers: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Date: Tue, 17 May 2022 15:18:05 +0200
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator-privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191 	NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192 	NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch    CVE IDs Addressed
R510 and R470    CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
R450             CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390             CVE-2022-28181, CVE-2022-28185

Andreas



Bug 1011140 cloned as bugs 1011141, 1011142, 1011143, 1011144, 1011145, 1011146, 1011147. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:04 GMT)


Marked as found in versions nvidia-graphics-drivers/340.24-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:17 GMT)


Marked as found in versions nvidia-graphics-drivers/343.22-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:18 GMT)


Marked as found in versions nvidia-graphics-drivers/396.18-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:19 GMT)


Marked as found in versions nvidia-graphics-drivers/430.14-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:19 GMT)


Marked as found in versions nvidia-graphics-drivers/455.23.04-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:20 GMT)


Marked as found in versions nvidia-graphics-drivers/465.24.02-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:20 GMT)


Marked as found in versions nvidia-graphics-drivers/495.44-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Tue, 17 May 2022 13:21:21 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 18 13:12:24 2022; Machine Name: buxtehude
