Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5547-1

Ubuntu Security Notice 5547-1 - Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled certain memory operations, leading to a null-pointer dereference. A local attacker could use this to cause a denial of service. Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos#perl

=========================================================================
Ubuntu Security Notice USN-5547-1
August 03, 2022

nvidia-graphics-drivers-390, nvidia-graphics-drivers-450-server,
nvidia-graphics-drivers-470, nvidia-graphics-drivers-470-server,
nvidia-graphics-drivers-510, nvidia-graphics-drivers-510-server,
nvidia-graphics-drivers-515, nvidia-graphics-drivers-515-server
vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in NVIDIA graphics drivers.

Software Description:

  • nvidia-graphics-drivers-390: NVIDIA binary X.Org driver
  • nvidia-graphics-drivers-450-server: NVIDIA server driver
  • nvidia-graphics-drivers-470: NVIDIA binary X.Org driver
  • nvidia-graphics-drivers-470-server: NVIDIA server driver
  • nvidia-graphics-drivers-510: NVIDIA binary X.Org driver
  • nvidia-graphics-drivers-510-server: NVIDIA server driver
  • nvidia-graphics-drivers-515: NVIDIA binary X.Org driver
  • nvidia-graphics-drivers-515-server: NVIDIA server driver

Details:

Le Wu discovered that the NVIDIA graphics drivers did not properly perform
input validation in some situations. A local user could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-31607)

Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled
certain memory operations, leading to a null-pointer dereference. A local
attacker could use this to cause a denial of service. (CVE-2022-31615)

Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic
Boost D-Bus component did not properly restrict access to its endpoint.
When enabled in non-default configurations, a local attacker could use this
to cause a denial of service or possibly execute arbitrary code.
(CVE-2022-31608)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
xserver-xorg-video-nvidia-390 390.154-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-440-server 450.203.03-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-450-server 450.203.03-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-460 470.141.03-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-460-server 470.141.03-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-465 470.141.03-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-470 470.141.03-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-470-server 470.141.03-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-495 510.85.02-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-510 510.85.02-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-510-server 510.85.02-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-515 515.65.01-0ubuntu0.22.04.1
xserver-xorg-video-nvidia-515-server 515.65.01-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
xserver-xorg-video-nvidia-390 390.154-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-440-server 450.203.03-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-450-server 450.203.03-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-460 470.141.03-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-460-server 470.141.03-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-465 470.141.03-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-470 470.141.03-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-470-server 470.141.03-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-495 510.85.02-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-510 510.85.02-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-510-server 510.85.02-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-515 515.65.01-0ubuntu0.20.04.1
xserver-xorg-video-nvidia-515-server 515.65.01-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
xserver-xorg-video-nvidia-390 390.154-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-440-server 450.203.03-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-450-server 450.203.03-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-460 470.141.03-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-460-server 470.141.03-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-465 470.141.03-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-470 470.141.03-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-470-server 470.141.03-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-495 510.85.02-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-510 510.85.02-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-510-server 510.85.02-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-515 515.65.01-0ubuntu0.18.04.1
xserver-xorg-video-nvidia-515-server 515.65.01-0ubuntu0.18.04.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5547-1
CVE-2022-31607, CVE-2022-31608, CVE-2022-31615

Package Information:
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/390.154-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-450-server/450.203.03-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-470/470.141.03-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-470-server/470.141.03-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-510/510.85.02-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-510-server/510.85.02-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-515/515.65.01-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-515-server/515.65.01-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/390.154-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-450-server/450.203.03-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-470/470.141.03-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-470-server/470.141.03-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-510/510.85.02-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-510-server/510.85.02-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-515/515.65.01-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-515-server/515.65.01-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-390/390.154-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-450-server/450.203.03-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-470/470.141.03-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-470-server/470.141.03-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-510/510.85.02-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-510-server/510.85.02-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-515/515.65.01-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-515-server/515.65.01-0ubuntu0.18.04.1

Related news

Gentoo Linux Security Advisory 202310-02

Gentoo Linux Security Advisory 202310-2 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.182.03 are affected.

Packet Storm: Latest News

Nexus Repository Traversal Scanner