-------------------------------------------------------------------------
Debian LTS Advisory DLA-3418-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
May 11, 2023                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : nvidia-graphics-drivers-legacy-390xx
Version        : 390.157-1~deb10u1
CVE ID         : CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677
                 CVE-2022-34680 CVE-2022-42257 CVE-2022-42258 CVE-2022-42259
Debian Bug     : 1025281

NVIDIA has released a software security update for the NVIDIA GPU Display
Driver R390 linux driver branch. This update addresses issues that may lead to
denial of service, escalation of privileges, information disclosure, data
tampering or undefined behavior.


CVE-2022-34670

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the
    kernel mode layer handler, where an unprivileged regular user can
    cause truncation errors when casting a primitive to a primitive of
    smaller size causes data to be lost in the conversion, which may
    lead to denial of service or information disclosure.

CVE-2022-34674

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the
    kernel mode layer handler, where a helper function maps more
    physical pages than were requested, which may lead to undefined
    behavior or an information leak.

CVE-2022-34675

    NVIDIA Display Driver for Linux contains a vulnerability in the
    Virtual GPU Manager, where it does not check the return value from a
    null-pointer dereference, which may lead to denial of service.

CVE-2022-34677

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the
    kernel mode layer handler, where an unprivileged regular user can
    cause an integer to be truncated, which may lead to denial of
    service or data tampering.

CVE-2022-34680

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the
    kernel mode layer handler, where an integer truncation can lead to
    an out-of-bounds read, which may lead to denial of service.

CVE-2022-42257

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the
    kernel mode layer (nvidia.ko), where an integer overflow may lead to
    information disclosure, data tampering or denial of service.

CVE-2022-42258

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the
    kernel mode layer (nvidia.ko), where an integer overflow may lead to
    denial of service, data tampering, or information disclosure.

CVE-2022-42259

    NVIDIA GPU Display Driver for Linux contains a vulnerability in the
    kernel mode layer (nvidia.ko), where an integer overflow may lead to
    denial of service.

For Debian 10 buster, these problems have been fixed in version
390.157-1~deb10u1.

We recommend that you upgrade your nvidia-graphics-drivers-legacy-390xx packages.

For the detailed security status of
nvidia-graphics-drivers-legacy-390xx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/nvidia-graphics-drivers-legacy-390xx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3418-1: nvidia-graphics-drivers-legacy-390xx

May 11, 2023
NVIDIA has released a software security update for the NVIDIA GPU Display Driver R390 linux driver branch

Summary


CVE-2022-34670

NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where an unprivileged regular user can
cause truncation errors when casting a primitive to a primitive of
smaller size causes data to be lost in the conversion, which may
lead to denial of service or information disclosure.

CVE-2022-34674

NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where a helper function maps more
physical pages than were requested, which may lead to undefined
behavior or an information leak.

CVE-2022-34675

NVIDIA Display Driver for Linux contains a vulnerability in the
Virtual GPU Manager, where it does not check the return value from a
null-pointer dereference, which may lead to denial of service.

CVE-2022-34677

NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where an unprivileged regular user can
cause an integer to be truncated, which may lead to denial of
service or data tampering.

CVE-2022-34680

NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where an integer truncation can lead to
an out-of-bounds read, which may lead to denial of service.

CVE-2022-42257

NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer (nvidia.ko), where an integer overflow may lead to
information disclosure, data tampering or denial of service.

CVE-2022-42258

NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer (nvidia.ko), where an integer overflow may lead to
denial of service, data tampering, or information disclosure.

CVE-2022-42259

NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer (nvidia.ko), where an integer overflow may lead to
denial of service.

For Debian 10 buster, these problems have been fixed in version
390.157-1~deb10u1.

We recommend that you upgrade your nvidia-graphics-drivers-legacy-390xx packages.

For the detailed security status of
nvidia-graphics-drivers-legacy-390xx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/nvidia-graphics-drivers-legacy-390xx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : nvidia-graphics-drivers-legacy-390xx
Version : 390.157-1~deb10u1
CVE ID : CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677
Debian Bug : 1025281

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved