Summary: | x11-drivers/nvidia-drivers CVE-2017-6266 CVE-2017-6267 CVE-2017-6272 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak, hardened |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvidia.custhelp.com/app/answers/detail/a_id/4544 | ||
Whiteboard: | A3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2017-09-27 12:08:24 UTC
CVE-2017-6266(https://nvd.nist.gov/vuln/detail/CVE-2017-6266): NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. CVE-2017-6267(https://nvd.nist.gov/vuln/detail/CVE-2017-6267): NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. CVE-2017-6272(https://nvd.nist.gov/vuln/detail/CVE-2017-6272): NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. @maintainter(s) fixed version `=375.88`, in tree version `375.82`. Please confirm if CVE-2017-6272 were addressed in Gentoo's branch of R375 or not. Gentoo Security Padawan (jmbailey/mbailey_j) Maintainer(s): Ping. Looks like the only vulnerable version in the tree is 340.108 based on [1]. Do we need to keep it? If so, maybe it needs to be masked? [1] https://nvidia.custhelp.com/app/answers/detail/a_id/4544 Looks like the only last vulnerable versions we had on the 384 branch were removed in b40400b5ec0252bee0915be28ba1b294de479972 in September of 2017: commit b40400b5ec0252bee0915be28ba1b294de479972 Author: Jeroen Roovers <jer@gentoo.org> Date: Wed Sep 27 18:25:41 2017 +0200 x11-drivers/nvidia-drivers: Old. Package-Manager: Portage-2.3.10, Repoman-2.3.3 [...] delete mode 100644 x11-drivers/nvidia-drivers/nvidia-drivers-384.59-r1.ebuild delete mode 100644 x11-drivers/nvidia-drivers/nvidia-drivers-384.69.ebuild And the same for the 375 branch ebuilds, cleaned up January 2019: commit eb22dfef2d7c2ae67f092cbbdd9a0631ca609f56 Author: Jeroen Roovers <jer@gentoo.org> Date: Wed Jan 16 10:59:29 2019 +0100 x11-drivers/nvidia-drivers: Drop unmaintained branches Bug: https://bugs.gentoo.org/669588 Closes: https://bugs.gentoo.org/673392 Closes: https://bugs.gentoo.org/673490 Package-Manager: Portage-2.3.56, Repoman-2.3.12 Signed-off-by: Jeroen Roovers <jer@gentoo.org> [...] delete mode 100644 x11-drivers/nvidia-drivers/nvidia-drivers-375.82.ebuild [...] Tree clean, too old for GLSA. |