Bug#1011142: marked as done (nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185)

Sun, 19 Jun 2022 10:06:23 -0700 

Your message dated Sun, 19 Jun 2022 17:02:08 +0000
with message-id <e1o2yjm-0009tl...@fasolo.debian.org>
and subject line Bug#1011142: fixed in nvidia-graphics-drivers-legacy-390xx 
390.151-1~deb11u1
has caused the Debian Bug report #1011142,
regarding nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1011142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, 
CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, 
CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, 
CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, 
CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192  NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch   CVE IDs Addressed
R510 and R470   CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, 
CVE-2022-28191, CVE-2022-28192
R450            CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390            CVE-2022-28181, CVE-2022-28185

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-legacy-390xx
Source-Version: 390.151-1~deb11u1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-legacy-390xx, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-legacy-390xx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 29 May 2022 00:37:41 +0200
Source: nvidia-graphics-drivers-legacy-390xx
Architecture: source
Version: 390.151-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 992057 994814 996595 999670 1004849 1005804 1005909 1010230 1011142
Changes:
 nvidia-graphics-drivers-legacy-390xx (390.151-1~deb11u1) bullseye; 
urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-legacy-390xx (390.151-1) unstable; urgency=medium
 .
   * New upstream legacy branch release 390.151 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28185.  (Closes: #1011142, #1004849)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Fixed a bug which prevented kernel modules linked from precompiled
       kernel interface object files from being loaded on recent Linux
       kernels. This affected custom packages which were prepared with
       nvidia-installer's --add-this-kernel option, for example.
     - Fixed a driver installation failure on Linux kernel 5.17 release
       candidates, where the NVIDIA kernel module failed to build with error
       "implicit declaration of function 'PDE'".
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Work around architecture misdetection when building the kernel modules in
     an armhf environment on an arm64 host.  (Closes: #1010230)
   * Bump Standards-Version to 4.6.1. No changes needed.
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-4) unstable; urgency=medium
 .
   * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt
     kernels, not supported upstream (510.54-1).
   * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1).
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-3) unstable; urgency=medium
 .
   * Fix incomplete backport of pde_data changes from 470.103.01.
     (Closes: #1005909)
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-2) unstable; urgency=medium
 .
   * Add xorg-video-abi-25 (Xorg Xserver 21) as alternative dependency.
     (Closes: #1005804)
   * Backport pde_data changes from 470.103.01 to fix kernel module build for
     Linux 5.17.
 .
 nvidia-graphics-drivers-legacy-390xx (390.147-1) unstable; urgency=medium
 .
   * New upstream legacy branch release 390.147 (2021-12-16).
     - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the
       nvidia_icd.json file to be installed in the wrong location.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * bug-script: Show the nvidia and glx alternatives (470.82.00-1).
   * nvidia-legacy-390xx-alternative: libnvidia-cfg.so.1 on its own is not
     sufficient to activate a nvidia alternative (470.82.00-1).
     (Closes: #996595)
   * Fix bashisms in upstream scripts (470.82.00-1).
   * libegl1-mesa is a transitional package since buster (470.82.00-1).
   * nvidia-legacy-390xx-kernel-support: Provide
     /etc/modprobe.d/nvidia-options.conf as a template taking into account the
     module renaming. This is a slave alternative of the nvidia alternative
     (470.86-1).  (Closes: #999670)
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-legacy-390xx (390.144-2) unstable; urgency=medium
 .
   * Backport drm_device_has_pdev and set_current_state changes from 470.63.01
     to fix kernel module build for Linux 5.14.  (Closes: #994814)
   * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore
     (470.57.02-3).  (Closes: #992057)
   * Bump Standards-Version to 4.6.0. No changes needed.
 .
 nvidia-graphics-drivers-legacy-390xx (390.144-1~deb10u1) buster; urgency=medium
 .
   * Rebuild for buster.
Checksums-Sha1:
 212aba3c5723e3edcfe34d125e32e1054f4c56a5 7662 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.dsc
 4fa1ad374fcc0ce84784adf5acd77696dc6bd8fb 179096 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.debian.tar.xz
 787d275adacba5f36745a1ac88e000adb0375434 8132 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1_source.buildinfo
Checksums-Sha256:
 1da7b83f3e912b08182e29c65acf3cfc897047081b4f80c50ee01e3d715f66e2 7662 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.dsc
 757881595466192f86cb366cd909a68328f63b9a5809cb20bcd5d1d8ae8795c4 179096 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.debian.tar.xz
 ad0d80a8f822f724cbb1d49946f31dd078003e8bab0b14fcf230c7f370673301 8132 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1_source.buildinfo
Files:
 ed5301045a44459bb9675fbc5eb722b8 7662 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.dsc
 a43b07b144b106c1773fdcd901f4b6f5 179096 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1.debian.tar.xz
 f3a77e0c1a3d834db220c7c4d3a11ce9 8132 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.151-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmKSpUgQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCFCtEACL3SnUBi6SElIZYEevWcs+O3HguTC/3W9G
RztNm4OF8/O7EQZIbBWkF3UsvJSpwCyWElblCdGLoyI5pe2VDjzqQ2L/09CsH3yl
jihg9SetByW+HlxSxFup0whutGDbJOGQ1jfkVt2llRq/YwpOB5Dj8+ayOgOr3M4s
qOhKUZt5JyMr3KVAcgWHzOR/hwmC4xIO4NXbqgGP7yzBkgpo9Q2ZGPKFXEd0vBIE
zbx1qoz4kibl8GlwHfvw+LC3cBRVgp2UwiQrzqpVKYYxCOHAYC4moPU7ELebg8zE
k+wVYtJ7Z3Bhk1tut9Oa1nKQ5UTgLyrj+PwjLLA5XZIbt/nqNEb1x6nyyG5Omrjz
jPEVZBrCcIHlFAs3tMB0NF0TXYAQNRZykIqjIdGTtAY71uZhkYDW09uGgDzV1hpn
LFT/coiVysxCUUy1z+/VNQki/rt/tUG3ZCu/odNcMU9GiovOE6QiZtUg1yhzJuYp
jBKn4qH7FawAVe9tITQatZAIfF0xQRRG24mvLc++r10HX1An00ckYgp5EJ+ISC1+
JRWjn9IrFHVJn7d32MiMiyq2XZWbrQKplcvp/D2NLV4eImvF+D2K4xEnibsmo5e3
JaLvMPjG3oD7aPjgBSHw3V26zY77QyzXEGlSlXo0b//C8DVOOhQV4DnO35TKxsxa
haNTnNjcaA==
=5aHi
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to