Bug#1039678: nvidia-graphics-drivers: CVE-2023-25515, CVE-2023-25516

Wed, 28 Jun 2023 00:15:21 -0700 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-25515, 
CVE-2023-25516
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-25515, 
CVE-2023-25516
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-25515, 
CVE-2023-25516
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-25515, 
CVE-2023-25516
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2023-25515, 
CVE-2023-25516
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2023-25515, 
CVE-2023-25516
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5468

CVE-2023-25515  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where unexpected untrusted data is parsed, which may
lead to code execution, denial of service, escalation of privileges,
data tampering, or information disclosure.

CVE-2023-25516  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged user can
cause an integer overflow, which may lead to information disclosure and
denial of service.

Linux Driver Branch     CVE IDs Addressed
R535, R525, R470, R450  CVE-2023-25515, CVE-2023-25516

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R535            All driver versions prior to 535.54.03          535.54.03
R525            All driver versions prior to 525.125.06         525.125.06
R470            All driver versions prior to 470.199.02         470.199.02
R450            All driver versions prior to 450.248.02         450.248.02

Andreas

Reply via email to