Bug#1011140: marked as done (nvidia-graphics-drivers: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192)

Tue, 24 May 2022 14:09:16 -0700 

Your message dated Tue, 24 May 2022 21:07:54 +0000
with message-id <e1ntbkw-0007a1...@fasolo.debian.org>
and subject line Bug#1011140: fixed in nvidia-graphics-drivers 510.73.08-1
has caused the Debian Bug report #1011140,
regarding nvidia-graphics-drivers: CVE-2022-28181, CVE-2022-28183, 
CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011140: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011140
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, 
CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, 
CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch   CVE IDs Addressed
R510 and R470   CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, 
CVE-2022-28191, CVE-2022-28192
R450            CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390            CVE-2022-28181, CVE-2022-28185

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers
Source-Version: 510.73.08-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 May 2022 22:32:57 +0200
Source: nvidia-graphics-drivers
Architecture: source
Version: 510.73.08-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1011140
Changes:
 nvidia-graphics-drivers (510.73.08-1) experimental; urgency=medium
 .
   * New upstream Tesla release 510.73.08 (2022-05-23).
   * New upstream production branch release 510.73.05 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
       CVE-2022-28191, CVE-2022-28192.  (Closes: #1011140)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Added a new configuration option for NVIDIA NGX to allow disabling the 
DSO
       signature check. See the "NGX" chapter of the README for more 
information.
   * New upstream production branch release 510.68.02 (2022-04-26).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
Checksums-Sha1:
 bbe9642a828fd9c884c8af0370805cbf9414fef9 6559 
nvidia-graphics-drivers_510.73.08-1.dsc
 427542922f6c05c5a65ece31ca7513a5c4833204 329422674 
nvidia-graphics-drivers_510.73.08.orig-amd64.tar.gz
 01015694e470e362bea61bf910cd05541250ec3b 211513122 
nvidia-graphics-drivers_510.73.08.orig-arm64.tar.gz
 afdcbb0aa6bbb437a4413390d9225d94c76c805f 140 
nvidia-graphics-drivers_510.73.08.orig.tar.gz
 df8f1b12f53c77fab1c7281a1efa9c45599065f4 210724 
nvidia-graphics-drivers_510.73.08-1.debian.tar.xz
 6060fcd32b3036e611a3c6cadcbe6b045e5d5783 5545 
nvidia-graphics-drivers_510.73.08-1_source.buildinfo
Checksums-Sha256:
 0abb4c62ac8273b1bb44304f6d64d9d9be0573c665153e5b6337d29a8e1515c4 6559 
nvidia-graphics-drivers_510.73.08-1.dsc
 b95588672e150a661965c9955887d10c026251626c77558389ff668ca1ba0585 329422674 
nvidia-graphics-drivers_510.73.08.orig-amd64.tar.gz
 677e4ae79299edf585ceb80d1e0cba7e7cf0c305274ebdb50913e0d76d952dcc 211513122 
nvidia-graphics-drivers_510.73.08.orig-arm64.tar.gz
 6d7d0702412f8835009d35b8e245a84579956501ac36723806fec61d3b3d7817 140 
nvidia-graphics-drivers_510.73.08.orig.tar.gz
 b571ec02850cda0663aaef6dca80b46a2d5afa300bf4b2cedda54aa8cfd2f574 210724 
nvidia-graphics-drivers_510.73.08-1.debian.tar.xz
 58e62c20dcac7c7c7dfc101ef4b232f5bf31dbdf08494a76683386200cbf2f4f 5545 
nvidia-graphics-drivers_510.73.08-1_source.buildinfo
Files:
 a926f1b6ca121953197c8f772b1f8863 6559 non-free/libs optional 
nvidia-graphics-drivers_510.73.08-1.dsc
 d2180d9c4e506702259428c9c76d9e9d 329422674 non-free/libs optional 
nvidia-graphics-drivers_510.73.08.orig-amd64.tar.gz
 ece9f2ab18c8914b45a3c5cc0786b270 211513122 non-free/libs optional 
nvidia-graphics-drivers_510.73.08.orig-arm64.tar.gz
 7d2d3af3be6b256b59a1ce34f7939e3e 140 non-free/libs optional 
nvidia-graphics-drivers_510.73.08.orig.tar.gz
 f0499a31d7158d53872f0aa4950ed0c0 210724 non-free/libs optional 
nvidia-graphics-drivers_510.73.08-1.debian.tar.xz
 a6991091dc8a330a1cce19cc0a78dc7a 5545 non-free/libs optional 
nvidia-graphics-drivers_510.73.08-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmKNQgkQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCEDhD/9+clS82agj+mmqli404qMqay56QvSrTpvW
ktPRDKN2+yMKxl29Bu4mOLtijX75J30AsjVT7J4qPHU8z4fGbpwcywd09eGZpfRD
LOmBMYHTrKJ7Qx7BhbtqbumZ/+ekgVo2r5Fr23GuTM1fbs70MIK9ejBYYR16SEbb
kLgcPI4E8Ys0OYJTz0D2xYthVAFoGDxvviS1nymFxM0Rj7MzgHkuyhuveZ9OHpuI
GGeFz1I8rO0cJ1Ph+qVAB5XEFZIy1Q3UXGMPRhJmUeg0GDOPESkwCNjjhiQRYYlb
bgPuhz6A/bDQO9lGmmwhVkzsy0JQWKgn5y3Bg24rQnKhFSI8l2qTA7h4lx0snCW5
9/uOtpm3byiT8DgIu823VPiF1d+IXY/ZThIT6K1xW2W7YTgP3iZq9r3sPmQiTFt4
8qBfgjhIqRcmycWzKa3RIeC0q7qXXTIBBYlSvvJH4xB8fevo81ag5R7yYHjSQ+VT
cmZfO5f/HRhAYP/FFvlZGqznkze88971wOjRM0JoOB3ACg42WEs2JuJGcKyZ96mD
MIXn40gQY0QCxPGlJO+S2X/+CQfj4CBGtlriqz2S+nBKBKCU5oFcY0eaib/AOMS5
tTVAK4NxPd/KlU3K3dO6ur7T2B3Ni+49mvDzyNwdSCDOLgQILGxeWkLODeTdwALg
CMd8W0wpJw==
=kMy0
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to