
Bug 845063 (CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185)

Summary: <x11-drivers/nvidia-drivers-{390.151:0/390,470.129.06:0/470,510.73.05:0/510}: multiple vulnerabilities (CVE-2022-{28181,28183,28184,28185})
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Ionen Wolkens <ionen>
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: major
CC: ionen, soap
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
Whiteboard: B1 [glsa?]
Package list:
Runtime testing required: ---

Description Ionen Wolkens gentoo-dev 2022-05-16 18:41:49 UTC
CVE-2022-28181:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

CVE-2022-28183:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.

CVE-2022-28184:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers, which may lead to denial of service, information disclosure, and data tampering.

CVE-2022-28185:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

CVE-2022-{28191,28192} omitted given vGPU software is not provided in Gentoo

Bumps already in-tree, will stabilize 390.151 and 470.129.06 in ~10 days.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-17 14:38:47 UTC
Thanks ionen! Sorry for the delay in handling
Comment 2 Larry the Git Cow gentoo-dev 2022-05-26 06:07:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3754b69f2626387585d56a278ac015d1cd507484

commit 3754b69f2626387585d56a278ac015d1cd507484
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2022-05-26 04:38:53 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2022-05-26 06:06:02 +0000

    x11-drivers/nvidia-drivers: drop vuln 390.147, 470.103.01, 510.68.02
    
    Bug: https://bugs.gentoo.org/845063
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |  15 -
 .../nvidia-drivers/nvidia-drivers-390.147.ebuild   | 424 -------------------
 .../nvidia-drivers-470.103.01.ebuild               | 447 --------------------
 .../nvidia-drivers/nvidia-drivers-510.68.02.ebuild | 458 ---------------------
 4 files changed, 1344 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52f6e0c523603935fc186e24555e42fe63448b00

commit 52f6e0c523603935fc186e24555e42fe63448b00
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2022-05-26 04:38:22 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2022-05-26 06:06:02 +0000

    x11-drivers/nvidia-drivers: stabilize 470.129.06 for amd64
    
    Bug: https://bugs.gentoo.org/845063
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/nvidia-drivers-470.129.06.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f758b3f99a201045a90c81ecc16914950532c5f7

commit f758b3f99a201045a90c81ecc16914950532c5f7
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2022-05-26 04:38:07 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2022-05-26 06:06:01 +0000

    x11-drivers/nvidia-drivers: stabilize 390.151 for amd64, x86
    
    Bug: https://bugs.gentoo.org/845063
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/nvidia-drivers-390.151.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-29 01:22:30 UTC
Thanks!