#1011145 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192

Package:
src:nvidia-graphics-drivers-tesla-460
Source:
nvidia-graphics-drivers-tesla-460
Submitter:
Andreas Beckmann
Date:
2022-07-02 19:03:08 UTC
Severity:
serious
Tags:
#1011145#5
Date:
2022-05-17 13:18:05 UTC
From:
To:
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-28181, CVE-2022-28185
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-28181, CVE-2022-28185
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: tag -6 + wontfix
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

CVE-2022-28181 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user on the network can cause an out-of-bounds write through a specially
crafted shader, which may lead to code execution, denial of service,
escalation of privileges, information disclosure, and data tampering.
The scope of the impact may extend to other components.

CVE-2022-28183 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged regular
user can cause an out-of-bounds read, which may lead to denial of
service and information disclosure.

CVE-2022-28184 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for
DxgkDdiEscape, where an unprivileged regular user can access
administrator- privileged registers, which may lead to denial of
service, information disclosure, and data tampering.

CVE-2022-28185 NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the ECC layer, where an unprivileged regular user can
cause an out-of-bounds write, which may lead to denial of service and
data tampering.

CVE-2022-28191 	NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption
can be triggered by an unprivileged regular user, which may lead to
denial of service.

CVE-2022-28192 	NVIDIA vGPU software contains a vulnerability in the
Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free,
which in turn may cause denial of service. This attack is complex to
carry out because the attacker needs to have control over freeing some
host side resources out of sequence, which requires elevated privileges.

Driver Branch 	CVE IDs Addressed
R510 and R470 	CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
R450 		CVE-2022-28181, CVE-2022-28185, CVE-2022-28192
R390 		CVE-2022-28181, CVE-2022-28185

Andreas
#1011145#22
Date:
2022-07-02 19:02:07 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla-460, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011145@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <anbe@debian.org> (supplier of updated nvidia-graphics-drivers-tesla-460 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 02 Jul 2022 18:09:57 +0200
Source: nvidia-graphics-drivers-tesla-460
Architecture: source
Version: 460.106.00-6~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Closes: 996595 999670 1004852 1005406 1005933 1011145
Changes:
 nvidia-graphics-drivers-tesla-460 (460.106.00-6~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-tesla-460 (460.106.00-6) unstable; urgency=medium
 .
   * Backport pci/dma, iosys_map, dma_set_coherent_mask, acpi_bus_get_device,
     cc_mkdec and drm_mode_config_has_allow_fb_modifiers changes from
     470.129.06 to fix kernel module build for Linux 5.18.
   * Minor packaging sync and cleanup (470.129.06-6).
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-tesla-460 (460.106.00-5) unstable; urgency=medium
 .
   * Backport linker scripts changes from 510.60.02.
   * Refresh patches.
   * Bump Standards-Version to 4.6.1. No changes needed.
 .
 nvidia-graphics-drivers-tesla-460 (460.106.00-4) unstable; urgency=medium
 .
   * Update 0003-fix-conftest-includes.patch to fix kernel module build for
     ppc64el.
   * Backport mt_device_gre changes from 510.39.01 to fix kernel module build
     for arm64.
   * Refresh patches.
 .
 nvidia-graphics-drivers-tesla-460 (460.106.00-3) unstable; urgency=medium
 .
   * The Tesla 460 driver series has been declared as End-of-Life by
     NVIDIA. No further updates fixing security issues, critical bugs, or
     adding support for new Xorg or Linux releases will be issued.
https://docs.nvidia.com/datacenter/tesla/drivers/
 .
   * Turn metapackages into transitional packages to aid switching to
     nvidia-graphics-drivers-tesla-470.
     (Closes: #1004852, #1005933, #1011145)
   * Provide less virtual packages.
   * Remove the Tesla 460 driver from the nvidia alternative.
 .
 nvidia-graphics-drivers-tesla-460 (460.106.00-2) unstable; urgency=medium
 .
   * Backport stdarg.h and stddef.h changes from 495.44 to fix kernel module
     build for Linux 5.16.
   * Backport pde_data changes from 470.103.01 to fix kernel module build for
     Linux 5.17.  (Closes: #1005406)
   * nvidia-tesla-460-kernel-support: Provide
     /etc/modprobe.d/nvidia-options.conf as a template taking into account the
     module renaming. This is a slave alternative of the nvidia alternative
     (470.86-1).  (Closes: #999670)
   * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt
     kernels, not supported upstream (510.54-1).
   * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1).
 .
 nvidia-graphics-drivers-tesla-460 (460.106.00-1) unstable; urgency=medium
 .
   * New upstream Tesla release 460.106.00 (2021-10-26).
 .
   [ Andreas Beckmann ]
   * bug-script: Show the nvidia and glx alternatives (470.82.00-1).
   * nvidia-tesla-460-alternative: libnvidia-cfg.so.1 on its own is not
     sufficient to activate a nvidia alternative (470.82.00-1).
     (Closes: #996595)
   * Fix bashisms in upstream scripts (470.82.00-1).
   * Drop the unusable leftover non-GLVND libegl1-nvidia-tesla-460 package
     (470.82.00-1).
   * nvidia-tesla-460-alternative: Drop unused non-GLVND slave links
     (470.82.00-1).
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-tesla-460 (460.91.03-2) unstable; urgency=medium
 .
   * Backport drm_device_has_pdev and set_current_state changes from 470.63.01
     to fix kernel module build for Linux 5.14.
   * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore
     (470.57.02-3).
   * Bump Standards-Version to 4.6.0. No changes needed.
   * Update lintian overrides.
Checksums-Sha1:
 f5703f3800256dfa57c8fbd40c924e46863cb779 7482 nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1.dsc
 31d968d0e02dd9afca3b719669866dd27c56cbef 212852 nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1.debian.tar.xz
 6ecfd24f140a1c615b021a6b86ccfa3d0935b065 8153 nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1_source.buildinfo
Checksums-Sha256:
 10a741543c7b7370c868dbb86c0bb687ff3d756964477236d50838e71b748043 7482 nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1.dsc
 65141cf44c9be59eee8689f45766fa77a4e27f2cec0254e0805566a8b90c5a06 212852 nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1.debian.tar.xz
 65b4023be640fc04d723bfa6fe03ff5fab80026edd25580e5c4db8ac8e4c86ce 8153 nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1_source.buildinfo
Files:
 a959d61846ee38814bca0dd24fecdc3f 7482 non-free/libs optional nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1.dsc
 edebcc37dd29df6ae6d04fcdb8e7a4f7 212852 non-free/libs optional nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1.debian.tar.xz
 4fd436dea58f53fec05001418f214f72 8153 non-free/libs optional nvidia-graphics-drivers-tesla-460_460.106.00-6~deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmLAbpgQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCNIND/9ZWch7+flcEna7wdjwP31K/eaAHNcPNDXb
j0/YndxyTF33CPPm6VcsCJXi8D0/doZWvWLHn4pAexhrODhnBz+fMS5IEVZWo/+l
uQs1nIZ8Gjh3z7xz+sjVXpACFOCcAjoO2H4NUKILIYOgr9aEYWBr5UsRfrorz4xx
ND7uSDC0QJZKzl3ZxsjeVFfljbiGSu4roEN79MvXF/zGR8fq9ByyUcRGV4NCrTNZ
lPI4Bi3mrfzhFrgV34nEIBenGPSVYvvmc20SctRJBHMpg29EVzharzhrpOGASWv7
bvVI8Xqo9a4GJrl3T9JRezHiwt45K015ZwlJLVwM9a6ijvqlzDpCfmJzdjXdDXwl
t11VIbkTbo6pxdn5TT5Z5diTJWpNfR5vxufC9/9j3OhreAxHCZiqVVe8L2bTCl3T
5AjV0Cf3zOHs+0iFhaOVO2D24Og38RJHAHeJoMqeZ/7i4ki7+EHB8GI0KuJZOrgx
Cj1hWKVN66yb4Au23XpofxR+vmylQz9WlBa8wD15JQ64DZqKA0mgZW1ms0CaTHkO
3737M8hVNXsPOcFhNCNdQ0Lkkzr3/3gtEw6hkbF/AtDEWcXTEBAvcWnaM/Gf9r6m
24briLCY4ATY9Ohy9IZEElRPBm7Bn/4Zd5DL4HlTJXRocWBEiMFqnxOM2haAaRhV
BqVm580m7w==
=flpf
-----END PGP SIGNATURE-----