Your message dated Sun, 05 May 2024 18:48:21 +0000
with message-id <[email protected]>
and subject line Bug#1064991: fixed in nvidia-open-gpu-kernel-modules
535.161.08-1~deb12u1
has caused the Debian Bug report #1064991,
regarding nvidia-open-gpu-kernel-modules: CVE-2024-0074, CVE-2024-0075,
CVE-2024-0078
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1064991: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064991
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <[email protected]>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0074,
CVE-2022-42265, CVE-2024-0078
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0074,
CVE-2022-42265, CVE-2024-0078
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0074,
CVE-2022-42265, CVE-2024-0078
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0074,
CVE-2022-42265, CVE-2024-0078
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0074,
CVE-2022-42265, CVE-2024-0078
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0074,
CVE-2022-42265, CVE-2024-0078
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0074,
CVE-2024-0075, CVE-2024-0078
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0074,
CVE-2024-0075, CVE-2024-0078
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: fixed -7 470.239.06-1
https://nvidia.custhelp.com/app/answers/detail/a_id/5520
CVE-2024-0074 NVIDIA GPU Display Driver for Linux contains a
vulnerability where an attacker may access a memory location after the
end of the buffer. A successful exploit of this vulnerability may lead
to denial of service and data tampering.
CVE-2024-0075 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where a user may cause a NULL-pointer dereference by
accessing passed parameters the validity of which has not been checked.
A successful exploit of this vulnerability may lead to denial of service
and limited information disclosure.
CVE-2024-0078 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where a user in a guest can
cause a NULL-pointer dereference in the host, which may lead to denial
of service.
CVE-2022-42265 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause integer overflow, which may lead to denial of
service, information disclosure, and data tampering.
Linux Driver Branch CVE IDs Addressed
R550, R545, R535 CVE-2024-0074, CVE-2024-0075
R470 CVE-2024-0074, CVE-2022-42265
Driver Branch Affected Driver Versions Updated Driver
Version
R550 All driver versions prior to 550.54.14 550.54.14
R535 All driver versions prior to 535.161.07 535.161.07
R470 All driver versions prior to 470.239.06 470.239.06
R470 All driver versions prior to 470.223.02 470.223.02
Security Updates for NVIDIA vGPU Software
Security Updates for NVIDIA Cloud Gaming
Linux Driver Branch CVE IDs Addressed
R535 CVE-2024-0074, CVE-2024-0075, CVE-2024-0078
R470 CVE-2024-0074, CVE-2024-0078, CVE-2022-42265
Andreas
--- End Message ---
--- Begin Message ---
Source: nvidia-open-gpu-kernel-modules
Source-Version: 535.161.08-1~deb12u1
Done: Andreas Beckmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated
nvidia-open-gpu-kernel-modules package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 28 Mar 2024 17:15:50 +0100
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 535.161.08-1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Closes: 1033783 1039686 1055144 1064991
Changes:
nvidia-open-gpu-kernel-modules (535.161.08-1~deb12u1) bookworm; urgency=medium
.
* Rebuild for bookworm.
.
nvidia-open-gpu-kernel-modules (535.161.08-1) unstable; urgency=medium
.
* New upstream Tesla branch release 535.161.08 (2024-03-18).
* Upload to unstable.
.
nvidia-open-gpu-kernel-modules (535.161.07-1) experimental; urgency=medium
.
* New upstream LTS and Tesla branch release 535.161.07 (2024-02-22).
* Fixed CVE-2024-0074, CVE-2024-0075, CVE-2024-0078. (Closes: #1064991)
https://nvidia.custhelp.com/app/answers/detail/a_id/5520
* Sync with src:nvidia-graphics-drivers.
* Refresh patches.
* Upload to experimental.
.
nvidia-open-gpu-kernel-modules (535.154.05-1) unstable; urgency=medium
.
* New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
* New upstream long term support branch release 535.146.02 (2023-12-07).
* Sync with src:nvidia-graphics-drivers.
.
nvidia-open-gpu-kernel-modules (535.129.03-1) unstable; urgency=medium
.
* New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
* Fixed CVE-2023-31022. (Closes: #1055144)
https://nvidia.custhelp.com/app/answers/detail/a_id/5491
* Sync with src:nvidia-graphics-drivers.
.
nvidia-open-gpu-kernel-modules (535.113.01-1) unstable; urgency=medium
.
* New upstream long term support branch release 535.113.01 (2023-09-21).
* New upstream Tesla branch release 535.104.12 (2023-09-25).
* New upstream LTS and Tesla branch release 535.104.05 (2023-08-22).
* New upstream long term support branch release 535.98 (2023-08-08).
* New upstream Tesla branch release 535.86.10 (2023-07-31).
* New upstream long term support branch release 535.86.05 (2023-07-18).
* Sync with src:nvidia-graphics-drivers.
* Refresh patches.
.
nvidia-open-gpu-kernel-modules (535.54.03-1) UNRELEASED; urgency=medium
.
* New upstream LTS and Tesla branch release 535.54.03 (2023-06-14).
* Fixed CVE-2023-25515, CVE-2023-25516. (Closes: #1039686)
https://nvidia.custhelp.com/app/answers/detail/a_id/5468
* Sync with src:nvidia-graphics-drivers.
.
nvidia-open-gpu-kernel-modules (535.43.02-1) UNRELEASED; urgency=medium
.
* New upstream beta 535.43.02 (2023-05-30).
* Refresh patches.
* Sync with src:nvidia-graphics-drivers.
.
nvidia-open-gpu-kernel-modules (530.41.03-1) unstable; urgency=medium
.
* New upstream new feature branch release 530.41.03 (2023-03-23).
* Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183,
CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199,
CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
CVE-2023-0191. (Closes: #1033783)
https://nvidia.custhelp.com/app/answers/detail/a_id/5452
* Sync with src:nvidia-graphics-drivers.
* Fix package build reproducibility.
.
nvidia-open-gpu-kernel-modules (530.30.02-1) UNRELEASED; urgency=medium
.
* New upstream beta 530.30.02 (2023-02-28).
* Refresh patches.
* Sync with src:nvidia-graphics-drivers.
.
nvidia-open-gpu-kernel-modules (525.147.05-3) unstable; urgency=medium
.
* Sync with src:nvidia-graphics-drivers.
.
nvidia-open-gpu-kernel-modules (525.147.05-2) unstable; urgency=medium
.
* Sync with src:nvidia-graphics-drivers.
Checksums-Sha1:
00110140cc9b772465f9bd229074b056f3bcd4e1 2761
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1.dsc
359f3589de6b73b9977627b59a2981ed9f60a75d 20432
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1.debian.tar.xz
495f3333f47496156f0e5ce0dd2c9bccf11c7803 5838
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1_source.buildinfo
Checksums-Sha256:
544a726adabd2b2629b1fc0b2cfbeef50a32caf153ed3b044dd3f05c4954c782 2761
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1.dsc
440cebd366e6f4a12fc4f2754dfa44cb4e11b2c3d8a2d1c36e443c02081f36d2 20432
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1.debian.tar.xz
1c95aeee1deb653a41f157bce8841eeff8691e1c1f58110522b0c5fda4b99bfa 5838
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1_source.buildinfo
Files:
5ecbefff1e80e2dcd61218b99f457a57 2761 contrib/kernel optional
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1.dsc
157ee8953c880160fdfb9f3a0bdd6039 20432 contrib/kernel optional
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1.debian.tar.xz
0b0f27ece866c7b1aae97afdf59a36ea 5838 contrib/kernel optional
nvidia-open-gpu-kernel-modules_535.161.08-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmYFmJkQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCN4SD/oCIj9A+TqXzGGiiBD9ECJ/QljsKtnZyccL
tUe2N9z6nuhvdCKhYpko9VJ49axEB+Jw7zTACm6gQMNhC6EoxhaEaEG1UJAJPVD2
geWGyLj6kyegJ9/rQER8R1OBbEW7iRl2u+MF/E8Loq8C71PuFufvW7wJ9OCBGSY4
x4PEysLUXSxViyzieKXs5r5wexwBREELoeGr4LGQAeJ7HjCWzot4oKi8sG5nJIwH
F/FVk3gw7EgZydI12uCiGYDvNwPEVM1KTcbMCNFzQ0a7iM6gGaCTwy7Lf2uAMiun
a0gJKBK6/E1+vw6ZnEjL51r+y+STnTeNgB3dBf72HmRTqg8OKYz9vSvI4HJrZfsa
7Dz1zX39I8BttIGh4DQ4c7OC9IBXgHWj0dN89SfnquAcjo+LGgI5pXyUBmfe926B
P9xvYONZ3SINRM0b/jlfyTINU2Zh4au2SElUR8aT0cWlkwZZRzMi44KgzWQN1/lY
+5Lq5dNRbkPR/qNI7m2WS5295SWspvNlx7msP2fvUv4VDGJABVM5AaCyseh7VxYg
62aFSyZSTDh44AtwG2BUAZJt++EXGg3ij4uSj1VvN+ubh1k3OjO4PN+cRRLkv2sN
v/Ua6vOes0BypBvc0wg7nJyWyKb9R1Bq6HFdKTeYBUQBgDcHaKhQFz6dO9mIxk32
mVVGNlYyLQ==
=4PpH
-----END PGP SIGNATURE-----
pgplgIY3A61fB.pgp
Description: PGP signature
--- End Message ---