Headline
Gentoo Linux Security Advisory 202310-02
Gentoo Linux Security Advisory 202310-2 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected.
Gentoo Linux Security Advisory GLSA 202310-02
https://security.gentoo.org/
Severity: Normal
Title: NVIDIA Drivers: Multiple Vulnerabilities
Date: October 03, 2023
Bugs: #764512, #784596, #803389, #832867, #845063, #866527, #881341, #884045, #903614
ID: 202310-02
Synopsis
Multiple vulnerabilities have been discovered in NVIDIA Drivers, the
worst of which could result in root privilege escalation.
Background
NVIDIA Drivers are NVIDIA’s accelerated graphics driver.
Affected packages
Package Vulnerable Unaffected
x11-drivers/nvidia-drivers < 470.182.03 >= 470.182.03
Description
Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please
review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All NVIDIA Drivers 470 users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=x11-drivers/nvidia-drivers-470.182.03:0/470”
All NVIDIA Drivers 515 users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=x11-drivers/nvidia-drivers-515.105.01:0/515”
All NVIDIA Drivers 525 users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=x11-drivers/nvidia-drivers-525.105.17:0/525”
All NVIDIA Drivers 530 users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=x11-drivers/nvidia-drivers-530.41.03:0/530”
References
[ 1 ] CVE-2021-1052
https://nvd.nist.gov/vuln/detail/CVE-2021-1052
[ 2 ] CVE-2021-1053
https://nvd.nist.gov/vuln/detail/CVE-2021-1053
[ 3 ] CVE-2021-1056
https://nvd.nist.gov/vuln/detail/CVE-2021-1056
[ 4 ] CVE‑2021‑1076
https://nvd.nist.gov/vuln/detail/CVE‑2021‑1076
[ 5 ] CVE‑2021‑1077
https://nvd.nist.gov/vuln/detail/CVE‑2021‑1077
[ 6 ] CVE-2021-1090
https://nvd.nist.gov/vuln/detail/CVE-2021-1090
[ 7 ] CVE-2021-1093
https://nvd.nist.gov/vuln/detail/CVE-2021-1093
[ 8 ] CVE-2021-1094
https://nvd.nist.gov/vuln/detail/CVE-2021-1094
[ 9 ] CVE-2021-1095
https://nvd.nist.gov/vuln/detail/CVE-2021-1095
[ 10 ] CVE‑2022‑21813
https://nvd.nist.gov/vuln/detail/CVE‑2022‑21813
[ 11 ] CVE‑2022‑21814
https://nvd.nist.gov/vuln/detail/CVE‑2022‑21814
[ 12 ] CVE-2022-28181
https://nvd.nist.gov/vuln/detail/CVE-2022-28181
[ 13 ] CVE-2022-28183
https://nvd.nist.gov/vuln/detail/CVE-2022-28183
[ 14 ] CVE-2022-28184
https://nvd.nist.gov/vuln/detail/CVE-2022-28184
[ 15 ] CVE-2022-28185
https://nvd.nist.gov/vuln/detail/CVE-2022-28185
[ 16 ] CVE-2022-31607
https://nvd.nist.gov/vuln/detail/CVE-2022-31607
[ 17 ] CVE-2022-31608
https://nvd.nist.gov/vuln/detail/CVE-2022-31608
[ 18 ] CVE-2022-31615
https://nvd.nist.gov/vuln/detail/CVE-2022-31615
[ 19 ] CVE‑2022‑34665
https://nvd.nist.gov/vuln/detail/CVE‑2022‑34665
[ 20 ] CVE-2022-34666
https://nvd.nist.gov/vuln/detail/CVE-2022-34666
[ 21 ] CVE-2022-34670
https://nvd.nist.gov/vuln/detail/CVE-2022-34670
[ 22 ] CVE-2022-34673
https://nvd.nist.gov/vuln/detail/CVE-2022-34673
[ 23 ] CVE-2022-34674
https://nvd.nist.gov/vuln/detail/CVE-2022-34674
[ 24 ] CVE-2022-34676
https://nvd.nist.gov/vuln/detail/CVE-2022-34676
[ 25 ] CVE-2022-34677
https://nvd.nist.gov/vuln/detail/CVE-2022-34677
[ 26 ] CVE-2022-34678
https://nvd.nist.gov/vuln/detail/CVE-2022-34678
[ 27 ] CVE-2022-34679
https://nvd.nist.gov/vuln/detail/CVE-2022-34679
[ 28 ] CVE-2022-34680
https://nvd.nist.gov/vuln/detail/CVE-2022-34680
[ 29 ] CVE-2022-34682
https://nvd.nist.gov/vuln/detail/CVE-2022-34682
[ 30 ] CVE-2022-34684
https://nvd.nist.gov/vuln/detail/CVE-2022-34684
[ 31 ] CVE-2022-42254
https://nvd.nist.gov/vuln/detail/CVE-2022-42254
[ 32 ] CVE-2022-42255
https://nvd.nist.gov/vuln/detail/CVE-2022-42255
[ 33 ] CVE-2022-42256
https://nvd.nist.gov/vuln/detail/CVE-2022-42256
[ 34 ] CVE-2022-42257
https://nvd.nist.gov/vuln/detail/CVE-2022-42257
[ 35 ] CVE-2022-42258
https://nvd.nist.gov/vuln/detail/CVE-2022-42258
[ 36 ] CVE-2022-42259
https://nvd.nist.gov/vuln/detail/CVE-2022-42259
[ 37 ] CVE-2022-42260
https://nvd.nist.gov/vuln/detail/CVE-2022-42260
[ 38 ] CVE-2022-42261
https://nvd.nist.gov/vuln/detail/CVE-2022-42261
[ 39 ] CVE-2022-42263
https://nvd.nist.gov/vuln/detail/CVE-2022-42263
[ 40 ] CVE-2022-42264
https://nvd.nist.gov/vuln/detail/CVE-2022-42264
[ 41 ] CVE-2022-42265
https://nvd.nist.gov/vuln/detail/CVE-2022-42265
[ 42 ] CVE-2023-0180
https://nvd.nist.gov/vuln/detail/CVE-2023-0180
[ 43 ] CVE-2023-0181
https://nvd.nist.gov/vuln/detail/CVE-2023-0181
[ 44 ] CVE-2023-0183
https://nvd.nist.gov/vuln/detail/CVE-2023-0183
[ 45 ] CVE-2023-0184
https://nvd.nist.gov/vuln/detail/CVE-2023-0184
[ 46 ] CVE-2023-0185
https://nvd.nist.gov/vuln/detail/CVE-2023-0185
[ 47 ] CVE-2023-0187
https://nvd.nist.gov/vuln/detail/CVE-2023-0187
[ 48 ] CVE-2023-0188
https://nvd.nist.gov/vuln/detail/CVE-2023-0188
[ 49 ] CVE-2023-0189
https://nvd.nist.gov/vuln/detail/CVE-2023-0189
[ 50 ] CVE-2023-0190
https://nvd.nist.gov/vuln/detail/CVE-2023-0190
[ 51 ] CVE-2023-0191
https://nvd.nist.gov/vuln/detail/CVE-2023-0191
[ 52 ] CVE-2023-0194
https://nvd.nist.gov/vuln/detail/CVE-2023-0194
[ 53 ] CVE-2023-0195
https://nvd.nist.gov/vuln/detail/CVE-2023-0195
[ 54 ] CVE-2023-0198
https://nvd.nist.gov/vuln/detail/CVE-2023-0198
[ 55 ] CVE-2023-0199
https://nvd.nist.gov/vuln/detail/CVE-2023-0199
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
Ubuntu Security Notice 5547-1 - Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled certain memory operations, leading to a null-pointer dereference. A local attacker could use this to cause a denial of service. Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5547-1 - Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled certain memory operations, leading to a null-pointer dereference. A local attacker could use this to cause a denial of service. Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5547-1 - Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled certain memory operations, leading to a null-pointer dereference. A local attacker could use this to cause a denial of service. Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code.
NVIDIA recently released patches to address multiple flaws in Windows. Four of them were rated high in severity. The post Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers appeared first on Malwarebytes Labs.
NVIDIA recently released patches to address multiple flaws in Windows. Four of them were rated high in severity. The post Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers appeared first on Malwarebytes Labs.
NVIDIA recently released patches to address multiple flaws in Windows. Four of them were rated high in severity. The post Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers appeared first on Malwarebytes Labs.
NVIDIA recently released patches to address multiple flaws in Windows. Four of them were rated high in severity. The post Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers appeared first on Malwarebytes Labs.
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics... [[ This is only the beginning! Please visit the blog for the complete entry ]]
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.