Gentoo Linux Security Advisory 202310-02

Gentoo Linux Security Advisory 202310-2 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected.

Packet Storm

Gentoo Linux Security Advisory GLSA 202310-02


https://security.gentoo.org/

Severity: Normal
Title: NVIDIA Drivers: Multiple Vulnerabilities
Date: October 03, 2023
Bugs: #764512, #784596, #803389, #832867, #845063, #866527, #881341, #884045, #903614
ID: 202310-02


Synopsis

Multiple vulnerabilities have been discovered in NVIDIA Drivers, the
worst of which could result in root privilege escalation.

Background

NVIDIA Drivers are NVIDIA’s accelerated graphics driver.

Affected packages

Package                     Vulnerable    Unaffected
--------------------------  ------------  -------------
x11-drivers/nvidia-drivers  < 470.182.03  >= 470.182.03

Description

Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please
review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All NVIDIA Drivers 470 users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.182.03:0/470"

All NVIDIA Drivers 515 users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-515.105.01:0/515"

All NVIDIA Drivers 525 users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.105.17:0/525"

All NVIDIA Drivers 530 users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-530.41.03:0/530"
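
Added example (not part of the GLSA): a shell check that classifies an installed x11-drivers/nvidia-drivers version against the per-branch targets listed in the Resolution steps above. The function names are illustrative, and reporting branches the advisory does not name as "unlisted" is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the GLSA. Targets are the Resolution section's versions.

# Print the minimum fixed version for a driver branch, or nothing if unlisted.
fixed_for_branch() {
    case "$1" in
        470) echo 470.182.03 ;;
        515) echo 515.105.01 ;;
        525) echo 525.105.17 ;;
        530) echo 530.41.03 ;;
    esac
}

# Succeed if dotted version $1 is strictly lower than $2 (numeric per field,
# so "03" and "3" compare equal and 105 sorts above 86).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print "vulnerable", "fixed" or "unlisted" for one installed version.
glsa_status() {
    ver=${1%%-r*}                 # drop a Gentoo revision suffix such as -r1
    fixed=$(fixed_for_branch "${ver%%.*}")
    if [ -n "$fixed" ]; then
        if version_lt "$ver" "$fixed"; then echo vulnerable; else echo fixed; fi
    elif version_lt "$ver" 470.182.03; then
        echo vulnerable           # below the bound in the Affected packages table
    else
        echo unlisted             # assumption: branch not named here, check upstream
    fi
}

# Installed versions, read from Portage's package database directory names.
for d in /var/db/pkg/x11-drivers/nvidia-drivers-*; do
    [ -d "$d" ] || continue
    v=${d##*/nvidia-drivers-}
    echo "$v: $(glsa_status "$v")"
done
```

Upgrading the package does not replace a kernel module that is already loaded, so reload the module or reboot before treating a "fixed" result as the running state.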

References

[ 1 ] CVE-2021-1052
https://nvd.nist.gov/vuln/detail/CVE-2021-1052
[ 2 ] CVE-2021-1053
https://nvd.nist.gov/vuln/detail/CVE-2021-1053
[ 3 ] CVE-2021-1056
https://nvd.nist.gov/vuln/detail/CVE-2021-1056
[ 4 ] CVE-2021-1076
https://nvd.nist.gov/vuln/detail/CVE-2021-1076
[ 5 ] CVE-2021-1077
https://nvd.nist.gov/vuln/detail/CVE-2021-1077
[ 6 ] CVE-2021-1090
https://nvd.nist.gov/vuln/detail/CVE-2021-1090
[ 7 ] CVE-2021-1093
https://nvd.nist.gov/vuln/detail/CVE-2021-1093
[ 8 ] CVE-2021-1094
https://nvd.nist.gov/vuln/detail/CVE-2021-1094
[ 9 ] CVE-2021-1095
https://nvd.nist.gov/vuln/detail/CVE-2021-1095
[ 10 ] CVE-2022-21813
https://nvd.nist.gov/vuln/detail/CVE-2022-21813
[ 11 ] CVE-2022-21814
https://nvd.nist.gov/vuln/detail/CVE-2022-21814
[ 12 ] CVE-2022-28181
https://nvd.nist.gov/vuln/detail/CVE-2022-28181
[ 13 ] CVE-2022-28183
https://nvd.nist.gov/vuln/detail/CVE-2022-28183
[ 14 ] CVE-2022-28184
https://nvd.nist.gov/vuln/detail/CVE-2022-28184
[ 15 ] CVE-2022-28185
https://nvd.nist.gov/vuln/detail/CVE-2022-28185
[ 16 ] CVE-2022-31607
https://nvd.nist.gov/vuln/detail/CVE-2022-31607
[ 17 ] CVE-2022-31608
https://nvd.nist.gov/vuln/detail/CVE-2022-31608
[ 18 ] CVE-2022-31615
https://nvd.nist.gov/vuln/detail/CVE-2022-31615
[ 19 ] CVE-2022-34665
https://nvd.nist.gov/vuln/detail/CVE-2022-34665
[ 20 ] CVE-2022-34666
https://nvd.nist.gov/vuln/detail/CVE-2022-34666
[ 21 ] CVE-2022-34670
https://nvd.nist.gov/vuln/detail/CVE-2022-34670
[ 22 ] CVE-2022-34673
https://nvd.nist.gov/vuln/detail/CVE-2022-34673
[ 23 ] CVE-2022-34674
https://nvd.nist.gov/vuln/detail/CVE-2022-34674
[ 24 ] CVE-2022-34676
https://nvd.nist.gov/vuln/detail/CVE-2022-34676
[ 25 ] CVE-2022-34677
https://nvd.nist.gov/vuln/detail/CVE-2022-34677
[ 26 ] CVE-2022-34678
https://nvd.nist.gov/vuln/detail/CVE-2022-34678
[ 27 ] CVE-2022-34679
https://nvd.nist.gov/vuln/detail/CVE-2022-34679
[ 28 ] CVE-2022-34680
https://nvd.nist.gov/vuln/detail/CVE-2022-34680
[ 29 ] CVE-2022-34682
https://nvd.nist.gov/vuln/detail/CVE-2022-34682
[ 30 ] CVE-2022-34684
https://nvd.nist.gov/vuln/detail/CVE-2022-34684
[ 31 ] CVE-2022-42254
https://nvd.nist.gov/vuln/detail/CVE-2022-42254
[ 32 ] CVE-2022-42255
https://nvd.nist.gov/vuln/detail/CVE-2022-42255
[ 33 ] CVE-2022-42256
https://nvd.nist.gov/vuln/detail/CVE-2022-42256
[ 34 ] CVE-2022-42257
https://nvd.nist.gov/vuln/detail/CVE-2022-42257
[ 35 ] CVE-2022-42258
https://nvd.nist.gov/vuln/detail/CVE-2022-42258
[ 36 ] CVE-2022-42259
https://nvd.nist.gov/vuln/detail/CVE-2022-42259
[ 37 ] CVE-2022-42260
https://nvd.nist.gov/vuln/detail/CVE-2022-42260
[ 38 ] CVE-2022-42261
https://nvd.nist.gov/vuln/detail/CVE-2022-42261
[ 39 ] CVE-2022-42263
https://nvd.nist.gov/vuln/detail/CVE-2022-42263
[ 40 ] CVE-2022-42264
https://nvd.nist.gov/vuln/detail/CVE-2022-42264
[ 41 ] CVE-2022-42265
https://nvd.nist.gov/vuln/detail/CVE-2022-42265
[ 42 ] CVE-2023-0180
https://nvd.nist.gov/vuln/detail/CVE-2023-0180
[ 43 ] CVE-2023-0181
https://nvd.nist.gov/vuln/detail/CVE-2023-0181
[ 44 ] CVE-2023-0183
https://nvd.nist.gov/vuln/detail/CVE-2023-0183
[ 45 ] CVE-2023-0184
https://nvd.nist.gov/vuln/detail/CVE-2023-0184
[ 46 ] CVE-2023-0185
https://nvd.nist.gov/vuln/detail/CVE-2023-0185
[ 47 ] CVE-2023-0187
https://nvd.nist.gov/vuln/detail/CVE-2023-0187
[ 48 ] CVE-2023-0188
https://nvd.nist.gov/vuln/detail/CVE-2023-0188
[ 49 ] CVE-2023-0189
https://nvd.nist.gov/vuln/detail/CVE-2023-0189
[ 50 ] CVE-2023-0190
https://nvd.nist.gov/vuln/detail/CVE-2023-0190
[ 51 ] CVE-2023-0191
https://nvd.nist.gov/vuln/detail/CVE-2023-0191
[ 52 ] CVE-2023-0194
https://nvd.nist.gov/vuln/detail/CVE-2023-0194
[ 53 ] CVE-2023-0195
https://nvd.nist.gov/vuln/detail/CVE-2023-0195
[ 54 ] CVE-2023-0198
https://nvd.nist.gov/vuln/detail/CVE-2023-0198
[ 55 ] CVE-2023-0199
https://nvd.nist.gov/vuln/detail/CVE-2023-0199

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202310-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

CVE-2023-0198: NVIDIA Support

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.

Ubuntu Security Notice USN-5547-1

Ubuntu Security Notice 5547-1 - Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled certain memory operations, leading to a null-pointer dereference. A local attacker could use this to cause a denial of service. Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers

NVIDIA recently released patches to address multiple flaws in Windows. Four of them were rated high in severity. The post Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers appeared first on Malwarebytes Labs.

Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics...

CVE-2021-1095: NVIDIA Support

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.

CVE-2021-1052: NVIDIA Support

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.
