Debian Bug report logs - #1033783
nvidia-open-gpu-kernel-modules: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191

version graph

Package: src:nvidia-open-gpu-kernel-modules; Maintainer for src:nvidia-open-gpu-kernel-modules is Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>;

Reported by: Andreas Beckmann <anbe@debian.org>

Date: Sat, 1 Apr 2023 08:06:01 UTC

Severity: serious

Tags: security, upstream

Found in versions nvidia-open-gpu-kernel-modules/525.85.12-1, nvidia-open-gpu-kernel-modules/515.43.04-1, nvidia-open-gpu-kernel-modules/520.56.06-1, nvidia-open-gpu-kernel-modules/530.30.02-1

Fixed in versions nvidia-open-gpu-kernel-modules/530.41.03-1, nvidia-open-gpu-kernel-modules/525.105.17-1

Done: Andreas Beckmann <anbe@debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>:
Bug#1033774; Package src:nvidia-graphics-drivers. (Sat, 01 Apr 2023 08:06:03 GMT) (full text, mbox, link).

Acknowledgement sent to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>. (Sat, 01 Apr 2023 08:06:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <anbe@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nvidia-graphics-drivers: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Date: Sat, 01 Apr 2023 10:02:02 +0200
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -8 + wontfix
Control: close -8 510.85.02-2
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: found -9 515.48.07-1
Control: found -9 525.60.13-1
Control: reassign -10 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -10 nvidia-open-gpu-kernel-modules: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: found -10 520.56.06-1
Control: found -10 525.85.12-1
Control: found -10 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: fixed -1 530.41.03-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5452

CVE-2023-0189 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, which may lead to code
execution, denial of service, escalation of privileges, information
disclosure, and data tampering.

CVE-2023-0184 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, which may lead to
denial of service, escalation of privileges, information disclosure, and
data tampering.

CVE-2023-0181 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in a kernel mode layer handler, where memory permissions
are not correctly checked, which may lead to denial of service and data
tampering.

CVE-2023-0191 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
access may lead to denial of service or data tampering.

CVE-2023-0183 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer where an out-of-bounds write can
lead to denial of service and data tampering.

CVE-2023-0180 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in a kernel mode layer handler, which may lead to denial
of service or information disclosure.

CVE-2023-0185 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where sign conversion issues may
lead to denial of service or information disclosure.

CVE-2023-0198 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where improper restriction of
operations within the bounds of a memory buffer can lead to denial of
service, information disclosure, and data tampering.

CVE-2023-0187 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
read can lead to denial of service.

CVE-2023-0199 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
write can lead to denial of service and data tampering.

CVE-2023-0190 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where a NULL pointer dereference
may lead to denial of service.

CVE-2023-0188 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an unprivileged
user can cause an out-of-bounds read, which may lead to denial of
service.

CVE-2023-0194 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer driver, where an invalid
display configuration may lead to denial of service.

CVE-2023-0195 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer driver, where an invalid
display configuration may lead to information disclosure.


Linux Driver Branch 	CVE IDs Addressed

R530, R525, R515 	CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
			CVE-2023-0183, CVE-2023-0185, CVE-2023-0187,
			CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
			CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
			CVE-2023-0191

R470 			CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
			CVE-2023-0185, CVE-2023-0187, CVE-2023-0198,
			CVE-2023-0199, CVE-2023-0188, CVE-2023-0190,
			CVE-2023-0194, CVE-2023-0195, CVE-2023-0191

R450 			CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
			CVE-2023-0185, CVE-2023-0198, CVE-2023-0199,
			CVE-2023-0188, CVE-2023-0190, CVE-2023-0194,
			CVE-2023-0195, CVE-2023-0191


Driver Branch 	Affected Driver Versions 			Updated Driver Version
R530		All driver versions prior to 530.41.03 		530.41.03
R525 		All driver versions prior to 525.105.17 	525.105.17
R515 		All driver versions prior to 515.105.01 	515.105.01
R470 		All driver versions prior to 470.182.03 	470.182.03
R450 		All driver versions prior to 450.236.01 	450.236.01


Andreas

Bug 1033774 cloned as bugs 1033775, 1033776, 1033777, 1033778, 1033779, 1033780, 1033781, 1033782, 1033783 Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Sat, 01 Apr 2023 08:06:03 GMT) (full text, mbox, link).

Bug reassigned from package 'src:nvidia-graphics-drivers' to 'src:nvidia-open-gpu-kernel-modules'. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Sat, 01 Apr 2023 08:06:22 GMT) (full text, mbox, link).

Marked as found in versions nvidia-open-gpu-kernel-modules/515.43.04-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Sat, 01 Apr 2023 08:06:22 GMT) (full text, mbox, link).

Changed Bug title to 'nvidia-open-gpu-kernel-modules: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191' from 'nvidia-graphics-drivers: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191'. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Sat, 01 Apr 2023 08:06:23 GMT) (full text, mbox, link).

Marked as found in versions nvidia-open-gpu-kernel-modules/520.56.06-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Sat, 01 Apr 2023 08:06:23 GMT) (full text, mbox, link).

Marked as found in versions nvidia-open-gpu-kernel-modules/525.85.12-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Sat, 01 Apr 2023 08:06:24 GMT) (full text, mbox, link).

Marked as found in versions nvidia-open-gpu-kernel-modules/530.30.02-1. Request was from Andreas Beckmann <anbe@debian.org> to submit@bugs.debian.org. (Sat, 01 Apr 2023 08:06:24 GMT) (full text, mbox, link).

Reply sent to Andreas Beckmann <anbe@debian.org>:
You have taken responsibility. (Mon, 17 Apr 2023 16:51:05 GMT) (full text, mbox, link).

Notification sent to Andreas Beckmann <anbe@debian.org>:
Bug acknowledged by developer. (Mon, 17 Apr 2023 16:51:05 GMT) (full text, mbox, link).

Message #24 received at 1033783-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1033783-close@bugs.debian.org
Subject: Bug#1033783: fixed in nvidia-open-gpu-kernel-modules 525.105.17-1
Date: Mon, 17 Apr 2023 16:49:20 +0000
Source: nvidia-open-gpu-kernel-modules
Source-Version: 525.105.17-1
Done: Andreas Beckmann <anbe@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033783@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <anbe@debian.org> (supplier of updated nvidia-open-gpu-kernel-modules package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Apr 2023 18:23:16 +0200
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 525.105.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Closes: 1033783
Changes:
 nvidia-open-gpu-kernel-modules (525.105.17-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.105.17 (2023-03-30).
     * Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183,
       CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199,
       CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
       CVE-2023-0191.  (Closes: #1033783)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5452
   * Refresh patches.
Checksums-Sha1:
 ad4004d73bd72fe73956db9593167726d4cbc95e 2729 nvidia-open-gpu-kernel-modules_525.105.17-1.dsc
 0d555978d9696cbafbab7627fa146b79d1566cc3 10120440 nvidia-open-gpu-kernel-modules_525.105.17.orig.tar.xz
 b1aa3aaf982f506c687e461430566a12800f4578 19388 nvidia-open-gpu-kernel-modules_525.105.17-1.debian.tar.xz
 8013464ef9e726a61cafa0655444cc069c0031b3 5671 nvidia-open-gpu-kernel-modules_525.105.17-1_source.buildinfo
Checksums-Sha256:
 7086ee2d52fc20f0374a0ae6659749be2ba60857368f45b3bcea3e61e973eabe 2729 nvidia-open-gpu-kernel-modules_525.105.17-1.dsc
 639774b02efe872638295402d14fcda91f6e90b71273b04a62caf8733794b14f 10120440 nvidia-open-gpu-kernel-modules_525.105.17.orig.tar.xz
 a0eac064003de294f6218260009c32d0bcbcd689326aabb149eb4e40877c2148 19388 nvidia-open-gpu-kernel-modules_525.105.17-1.debian.tar.xz
 9e08585fd6ccf1b89007a8082a343b0b038057f18f124c1a0a123d047e68016b 5671 nvidia-open-gpu-kernel-modules_525.105.17-1_source.buildinfo
Files:
 ea499415fcbbef4fca83cf12d356eff4 2729 contrib/kernel optional nvidia-open-gpu-kernel-modules_525.105.17-1.dsc
 cc21d10239d05326fec4bb31cd647821 10120440 contrib/kernel optional nvidia-open-gpu-kernel-modules_525.105.17.orig.tar.xz
 1725413bb3f6398956fed54ef8e67e05 19388 contrib/kernel optional nvidia-open-gpu-kernel-modules_525.105.17-1.debian.tar.xz
 e3e6a618cd24e3cd6213da6daa8824f5 5671 contrib/kernel optional nvidia-open-gpu-kernel-modules_525.105.17-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmQ9c9YQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCEfOEACFa0XrV6G2YWO+Iu1QQX3LkMpc7Kpa+v7B
fE61qA/20RUR4hLbHkLU0oc9QzPcE3ZYgEXNDbGaFivzNMaw/TKuCixxOcHyku2O
T0N882NKf7sboY7lXq33BYPrysGctsNiMe21z0T9MMrrraFPqMgxq+c+WkBmIFln
GU3aSVQOYe4PwbmYPX0G1PwqlrROGp6bvIZFH0jLY8BtvJ2ilX6xwaM7yfP+pkYA
GiuP5I9DlTpbiM2J8bikTJrGExGJModqI8dlRwV2k1BlG+v7bjk55uF4Yn97vEut
xrYgDj/ZiKOmRvoVfqjPKU3DK35al3Iu/85/rw0oP+Ej1WE7FerFrqH1ovlhzMN6
rnNMz6eybAPgKg5A35FhYw6qvVdwIQOtNXOUE0M7YuTXsTTDo2O9Kyq87Bs61GSD
yqRzixYLkZPCx1O8W1QgOVpx4hrDGv+zrOcPGHhNZBJpdxvbyghfVcmWOHrbc0Kb
wFdDsxv2M0sZhzx+akK4kEMg/LKu4fXU99Grn0ekuyA8zrQqVA4yg9OcOrTgwnC6
YizkbIrcGrc3E0mtcKQl33t9DNRX2wf2Iz7vy5pQm0O7Tv6xNRRlcJeBxHqV8F20
A9BQlY8lTFg0SFYmpynVzF7BnX3Ofck+2vvvvxwKPXiM0iIeLZfcZxbKta8QZ/sy
ERBPyl+C0A==
=0D+G
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 May 2023 07:33:22 GMT) (full text, mbox, link).

Bug unarchived. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 22 Mar 2024 16:48:04 GMT) (full text, mbox, link).

Marked as fixed in versions nvidia-open-gpu-kernel-modules/530.41.03-1. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 22 Mar 2024 16:48:05 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 20 Apr 2024 07:30:54 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jan 25 13:01:13 2026; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.