Bug 760708 (CVE-2020-5991) - <dev-util/nvidia-cuda-toolkit-11.1.1: OOB read/write in vulnerable NVJPEG library (CVE-2020-5991)
Status: RESOLVED FIXED
Alias: CVE-2020-5991
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://nvidia.custhelp.com/app/answe...
Whiteboard: ~1 [noglsa]
Keywords: PullRequest
Reported: 2020-12-19 08:56 UTC by John Helmert III
Modified: 2022-03-20 19:00 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-19 08:56:11 UTC
CVE-2020-5991 (https://nvidia.custhelp.com/app/answers/detail/a_id/5094):

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.


Maintainers, please clean up.
Comment 1 Larry the Git Cow gentoo-dev 2020-12-27 20:09:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca72dce41454b63e96cec1fc1e4e34ea0b48a315

commit ca72dce41454b63e96cec1fc1e4e34ea0b48a315
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-12-27 20:08:56 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-12-27 20:08:56 +0000

    dev-util/nvidia-cuda-toolkit: Version bump to 11.2.0
    
    Bug: https://bugs.gentoo.org/691284
    Bug: https://bugs.gentoo.org/749903
    Bug: https://bugs.gentoo.org/760708
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 dev-util/nvidia-cuda-toolkit/Manifest              |   1 +
 ...da-toolkit-11.2.0-nsight-systems-launcher.patch |  12 +
 .../nvidia-cuda-toolkit-11.2.0.ebuild              | 258 +++++++++++++++++++++
 3 files changed, 271 insertions(+)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:13:45 UTC
Package list is empty or all packages have requested keywords.
Comment 8 Larry the Git Cow gentoo-dev 2021-12-20 10:57:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bf1115193ab82db31e31e684938d9c2b1749308

commit 0bf1115193ab82db31e31e684938d9c2b1749308
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-12-20 10:57:39 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-12-20 10:57:39 +0000

    profiles: last-rite CUDA 10
    
    Closes: https://github.com/gentoo/gentoo/pull/23425
    Bug: https://bugs.gentoo.org/721808
    Bug: https://bugs.gentoo.org/760708
    Signed-off-by: David Seifert <soap@gentoo.org>

 profiles/base/package.use.mask | 6 ++++++
 profiles/package.mask          | 7 +++++++
 2 files changed, 13 insertions(+)
Comment 9 Larry the Git Cow gentoo-dev 2022-03-20 17:32:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fb1bccf8f7d49a5ce14afa2a1b6ff2c7a5da117

commit 4fb1bccf8f7d49a5ce14afa2a1b6ff2c7a5da117
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2022-03-20 17:32:08 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2022-03-20 17:32:08 +0000

    dev-util/nvidia-cuda-toolkit: drop 10.2.89-r4
    
    Closes: https://bugs.gentoo.org/749903
    Bug: https://bugs.gentoo.org/760708
    Signed-off-by: David Seifert <soap@gentoo.org>

 dev-util/nvidia-cuda-toolkit/Manifest              |   1 -
 dev-util/nvidia-cuda-toolkit/metadata.xml          |   1 -
 .../nvidia-cuda-toolkit-10.2.89-r4.ebuild          | 158 ---------------------
 profiles/package.mask                              |   6 -
 4 files changed, 166 deletions(-)
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-20 19:00:24 UTC
All done, thanks!