Your message dated Sun, 19 Jun 2022 17:02:08 +0000
with message-id <e1o2yjm-0009tl...@fasolo.debian.org>
and subject line Bug#1011142: fixed in nvidia-graphics-drivers-legacy-390xx
390.151-1~deb11u1
has caused the Debian Bug report #1011142,
regarding nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1011142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181,
CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181,
CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181,
CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181,
CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181,
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181,
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181,
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
https://nvidia.custhelp.com/app/answers/detail/a_id/5353
CVE-2022-28181 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.
CVE-2022-28183 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.
CVE-2022-28184 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.
CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.
CVE-2022-28191 NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.
CVE-2022-28192 NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.
Driver Branch CVE IDs Addressed
R510 and R470 CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
CVE-2022-28191, CVE-2022-28192
R450 CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390 CVE-2022-28181, CVE-2022-28185
Andreas
--- End Message ---
--- Begin Message ---
Source: nvidia-graphics-drivers-legacy-390xx
Source-Version: 390.151-1~deb11u1
Done: Andreas Beckmann <a...@debian.org>
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-legacy-390xx, which is due to be installed in the
Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated
nvidia-graphics-drivers-legacy-390xx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 29 May 2022 00:37:41 +0200
Source: nvidia-graphics-drivers-legacy-390xx
Architecture: source
Version: 390.151-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 992057 994814 996595 999670 1004849 1005804 1005909 1010230 1011142
Changes:
nvidia-graphics-drivers-legacy-390xx (390.151-1~deb11u1) bullseye;
urgency=medium
.
* Rebuild for bullseye.
.
nvidia-graphics-drivers-legacy-390xx (390.151-1) unstable; urgency=medium
.
* New upstream legacy branch release 390.151 (2022-05-16).
* Fixed CVE-2022-28181, CVE-2022-28185. (Closes: #1011142, #1004849)
https://nvidia.custhelp.com/app/answers/detail/a_id/5353
- Fixed a bug which prevented kernel modules linked from precompiled
kernel interface object files from being loaded on recent Linux
kernels. This affected custom packages which were prepared with
nvidia-installer's --add-this-kernel option, for example.
- Fixed a driver installation failure on Linux kernel 5.17 release
candidates, where the NVIDIA kernel module failed to build with error
"implicit declaration of function 'PDE'".
.
[ Andreas Beckmann ]
* Refresh patches.
* Work around architecture misdetection when building the kernel modules in
an armhf environment on an arm64 host. (Closes: #1010230)
* Bump Standards-Version to 4.6.1. No changes needed.
.
nvidia-graphics-drivers-legacy-390xx (390.147-4) unstable; urgency=medium
.
* dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt
kernels, not supported upstream (510.54-1).
* Declare Testsuite: autopkgtest-pkg-dkms (510.54-1).
.
nvidia-graphics-drivers-legacy-390xx (390.147-3) unstable; urgency=medium
.
* Fix incomplete backport of pde_data changes from 470.103.01.
(Closes: #1005909)
.
nvidia-graphics-drivers-legacy-390xx (390.147-2) unstable; urgency=medium
.
* Add xorg-video-abi-25 (Xorg Xserver 21) as alternative dependency.
(Closes: #1005804)
* Backport pde_data changes from 470.103.01 to fix kernel module build for
Linux 5.17.
.
nvidia-graphics-drivers-legacy-390xx (390.147-1) unstable; urgency=medium
.
* New upstream legacy branch release 390.147 (2021-12-16).
- Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the
nvidia_icd.json file to be installed in the wrong location.
* Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Refresh patches.
* bug-script: Show the nvidia and glx alternatives (470.82.00-1).
* nvidia-legacy-390xx-alternative: libnvidia-cfg.so.1 on its own is not
sufficient to activate a nvidia alternative (470.82.00-1).
(Closes: #996595)
* Fix bashisms in upstream scripts (470.82.00-1).
* libegl1-mesa is a transitional package since buster (470.82.00-1).
* nvidia-legacy-390xx-kernel-support: Provide
/etc/modprobe.d/nvidia-options.conf as a template taking into account the
module renaming. This is a slave alternative of the nvidia alternative
(470.86-1). (Closes: #999670)
* Update lintian overrides.
.
nvidia-graphics-drivers-legacy-390xx (390.144-2) unstable; urgency=medium
.
* Backport drm_device_has_pdev and set_current_state changes from 470.63.01
to fix kernel module build for Linux 5.14. (Closes: #994814)
* Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore
(470.57.02-3). (Closes: #992057)
* Bump Standards-Version to 4.6.0. No changes needed.
.
nvidia-graphics-drivers-legacy-390xx (390.144-1~deb10u1) buster; urgency=medium
.
* Rebuild for buster.
Checksums-Sha1:
212aba3c5723e3edcfe34d125e32e1054f4c56a5 7662
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.dsc
4fa1ad374fcc0ce84784adf5acd77696dc6bd8fb 179096
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.debian.tar.xz
787d275adacba5f36745a1ac88e000adb0375434 8132
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1_source.buildinfo
Checksums-Sha256:
1da7b83f3e912b08182e29c65acf3cfc897047081b4f80c50ee01e3d715f66e2 7662
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.dsc
757881595466192f86cb366cd909a68328f63b9a5809cb20bcd5d1d8ae8795c4 179096
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.debian.tar.xz
ad0d80a8f822f724cbb1d49946f31dd078003e8bab0b14fcf230c7f370673301 8132
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1_source.buildinfo
Files:
ed5301045a44459bb9675fbc5eb722b8 7662 non-free/libs optional
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.dsc
a43b07b144b106c1773fdcd901f4b6f5 179096 non-free/libs optional
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.debian.tar.xz
f3a77e0c1a3d834db220c7c4d3a11ce9 8132 non-free/libs optional
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmKSpUgQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCFCtEACL3SnUBi6SElIZYEevWcs+O3HguTC/3W9G
RztNm4OF8/O7EQZIbBWkF3UsvJSpwCyWElblCdGLoyI5pe2VDjzqQ2L/09CsH3yl
jihg9SetByW+HlxSxFup0whutGDbJOGQ1jfkVt2llRq/YwpOB5Dj8+ayOgOr3M4s
qOhKUZt5JyMr3KVAcgWHzOR/hwmC4xIO4NXbqgGP7yzBkgpo9Q2ZGPKFXEd0vBIE
zbx1qoz4kibl8GlwHfvw+LC3cBRVgp2UwiQrzqpVKYYxCOHAYC4moPU7ELebg8zE
k+wVYtJ7Z3Bhk1tut9Oa1nKQ5UTgLyrj+PwjLLA5XZIbt/nqNEb1x6nyyG5Omrjz
jPEVZBrCcIHlFAs3tMB0NF0TXYAQNRZykIqjIdGTtAY71uZhkYDW09uGgDzV1hpn
LFT/coiVysxCUUy1z+/VNQki/rt/tUG3ZCu/odNcMU9GiovOE6QiZtUg1yhzJuYp
jBKn4qH7FawAVe9tITQatZAIfF0xQRRG24mvLc++r10HX1An00ckYgp5EJ+ISC1+
JRWjn9IrFHVJn7d32MiMiyq2XZWbrQKplcvp/D2NLV4eImvF+D2K4xEnibsmo5e3
JaLvMPjG3oD7aPjgBSHw3V26zY77QyzXEGlSlXo0b//C8DVOOhQV4DnO35TKxsxa
haNTnNjcaA==
=5aHi
-----END PGP SIGNATURE-----
--- End Message ---