Bug#1016614: nvidia-graphics-drivers: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615

Andreas Beckmann anbe at debian.org
Thu Aug 4 02:49:10 BST 2022 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-31607, CVE-2022-31608, CVE-2022-31615
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5383

CVE-2022-31607 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where a local user
with basic capabilities can cause improper input validation, which may
lead to denial of service, escalation of privileges, data tampering, and
limited information disclosure.

CVE-2022-31608 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in an optional D-Bus configuration file, where a local
user with basic capabilities can impact protected D-Bus endpoints, which
may lead to code execution, denial of service, escalation of privileges,
information disclosure, and data tampering.

CVE-2022-31615 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where a local user with basic
capabilities can cause a null-pointer dereference, which may lead to
denial of service.

Linux Driver Branch 		CVE IDs Addressed
R515, R510, R470, R450, R390 	CVE-2022-31607, CVE-2022-31608, CVE-2022-31615


Andreas

More information about the pkg-nvidia-devel mailing list