Debian LTS: DLA-3418-1: nvidia-graphics-drivers-legacy-390xx
Summary
CVE-2022-34670
NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where an unprivileged regular user can
cause truncation errors when casting a primitive to a primitive of
smaller size causes data to be lost in the conversion, which may
lead to denial of service or information disclosure.
CVE-2022-34674
NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where a helper function maps more
physical pages than were requested, which may lead to undefined
behavior or an information leak.
CVE-2022-34675
NVIDIA Display Driver for Linux contains a vulnerability in the
Virtual GPU Manager, where it does not check the return value from a
null-pointer dereference, which may lead to denial of service.
CVE-2022-34677
NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where an unprivileged regular user can
cause an integer to be truncated, which may lead to denial of
service or data tampering.
CVE-2022-34680
NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer handler, where an integer truncation can lead to
an out-of-bounds read, which may lead to denial of service.
CVE-2022-42257
NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer (nvidia.ko), where an integer overflow may lead to
information disclosure, data tampering or denial of service.
CVE-2022-42258
NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer (nvidia.ko), where an integer overflow may lead to
denial of service, data tampering, or information disclosure.
CVE-2022-42259
NVIDIA GPU Display Driver for Linux contains a vulnerability in the
kernel mode layer (nvidia.ko), where an integer overflow may lead to
denial of service.
For Debian 10 buster, these problems have been fixed in version
390.157-1~deb10u1.
We recommend that you upgrade your nvidia-graphics-drivers-legacy-390xx packages.
For the detailed security status of
nvidia-graphics-drivers-legacy-390xx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/nvidia-graphics-drivers-legacy-390xx
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS