Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Mageia 8: MGASA-2022-0198 Moderate: Nvidia Out-Of-Bounds Threats

mageia
Calendar Grey May 22, 2022
Dist Mageia Esm H88
Recent Mageia Nvidia updates address a variety of security concerns, focusing on potential code execution flaws and denial-of-service vulnerabilities.
Updated nvidia-current packages fix security vulnerabilities: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user on th...

Summary

Updated nvidia-current packages fix security vulnerabilities:
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components (CVE‑2022‑28181).
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure (CVE‑2022‑28183).
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering (CVE‑2022‑28184).
NV...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30442

- https://www.nvidia.com/en-us/drivers/details/188877/

- https://nvidia.custhelp.com/app/answers/detail/a_id/5353

- https://www.cve.org/CVERecord?id=CVE-CVE%E2%80%912022%E2%80%9128181

- https://www.cve.org/CVERecord?id=CVE-CVE%E2%80%912022%E2%80%9128183

- https://www.cve.org/CVERecord?id=CVE-CVE%E2%80%912022%E2%80%9128184

- https://www.cve.org/CVERecord?id=CVE-CVE%E2%80%912022%E2%80%9128185

- https://www.cve.org/CVERecord?id=CVE-CVE%E2%80%912022%E2%80%9128191

- https://www.cve.org/CVERecord?id=CVE-CVE%E2%80%912022%E2%80%9128192

Resolution

SRPMS

- 8/nonfree/nvidia-current-470.129.06-1.mga8.nonfree

- 8/core/ldetect-lst-0.6.26.12-1.mga8

Publication date: 22 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0198.html
Type: security
CVE: CVE‑2022‑28181, CVE‑2022‑28183, CVE‑2022‑28184, CVE‑2022‑28185, CVE‑2022‑28191, CVE‑2022‑28192

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here