Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 764512 (CVE-2021-1052, CVE-2021-1053, CVE-2021-1056) - <x11-drivers/nvidia-drivers-{390.141, 450.102.04, 460.39}: multiple vulnerabilities (CVE-2021-{1052,1053,1056})
Summary: <x11-drivers/nvidia-drivers-{390.141, 450.102.04, 460.39}: multiple vulnerabi...
Status: CONFIRMED
Alias: CVE-2021-1052, CVE-2021-1053, CVE-2021-1056
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal critical with 2 votes (vote)
Assignee: Gentoo Security
URL: https://nvidia.custhelp.com/app/answe...
Whiteboard: A1 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-08 20:18 UTC by John Helmert III
Modified: 2021-02-16 11:05 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-01-08 20:18:55 UTC
CVE-2021-1052:

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.

CVE-2021-1053:

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.

CVE-2021-1056:

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.


So, branches 450 and 460 will get a fix the week of January 18th for Tesla devices, but the currently released fixed versions for other devices are 390.141, 450.102.04, and 460.32.03.
Comment 1 nvaert1986 2021-01-25 11:09:19 UTC
Is there any indication when nvidia-drivers-460.32.03 will be added to portage due to the security bugs?
Comment 2 John Helmert III gentoo-dev Security 2021-01-27 02:03:39 UTC
Ping, looks like everything has been bumped upstream.
Comment 3 Ionen Wolkens 2021-01-27 02:24:10 UTC
Been testing 460.39 and I don't readily see any issues with it, if anything it has some important fixes on top of everything else and may be a good candidate for the next stable when we get there.
Comment 4 Alexander Bezrukov 2021-01-27 07:56:32 UTC
I am running 390.141 with kernel 5.10.10-alb (with a minimum patch which fixes a long-standing (for years) bug with broken ddc communications), so far everything seems ok.
Comment 5 Alexander Bezrukov 2021-01-27 07:57:26 UTC
(In reply to Alexander Bezrukov from comment #4)
> I am running 390.141 with kernel 5.10.10-alb (with a minimum patch which
> fixes a long-standing (for years) bug with broken ddc communications), so
> far everything seems ok.

Sorry, typo, the kernel is vanilla 5.10.10.
Comment 6 Larry the Git Cow gentoo-dev 2021-02-08 08:58:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eac4960f316903a54acbf5ad0226b0ea2f06610c

commit eac4960f316903a54acbf5ad0226b0ea2f06610c
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-08 08:57:22 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-08 08:57:22 +0000

    x11-drivers/nvidia-drivers: Version bump to 460.39
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   2 +
 .../nvidia-drivers/nvidia-drivers-460.39.ebuild    | 578 +++++++++++++++++++++
 2 files changed, 580 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bd4a386e620ffc386a0ea0edb895985459d921c

commit 7bd4a386e620ffc386a0ea0edb895985459d921c
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-08 08:57:16 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-08 08:57:16 +0000

    x11-drivers/nvidia-drivers: Version bump to 450.102.04
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   3 +
 .../nvidia-drivers-450.102.04.ebuild               | 578 +++++++++++++++++++++
 2 files changed, 581 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ec1f2d8486971cfb13e6ae5faa9874e35819377

commit 9ec1f2d8486971cfb13e6ae5faa9874e35819377
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-08 08:57:10 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-08 08:57:10 +0000

    x11-drivers/nvidia-drivers: Version bump to 390.141
    
    Bug: https://bugs.gentoo.org/764512
    Closes: https://bugs.gentoo.org/767349
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   6 +
 .../nvidia-drivers/nvidia-drivers-390.141.ebuild   | 591 +++++++++++++++++++++
 2 files changed, 597 insertions(+)
Comment 7 Larry the Git Cow gentoo-dev 2021-02-14 14:22:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a1d1797777b3a3caebd1f8887e74c314626312b

commit 5a1d1797777b3a3caebd1f8887e74c314626312b
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:18 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:18 +0000

    x11-drivers/nvidia-drivers: Remove old 460
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   3 -
 x11-drivers/nvidia-drivers/metadata.xml            |   2 -
 .../nvidia-drivers/nvidia-drivers-460.27.04.ebuild | 578 ---------------------
 3 files changed, 583 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bb7ee9562316f7a481e9882f214629b1c0576fc

commit 0bb7ee9562316f7a481e9882f214629b1c0576fc
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:15 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:15 +0000

    x11-drivers/nvidia-drivers: Remove old 455
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   3 -
 .../nvidia-drivers-455.45.01-r1.ebuild             | 579 ---------------------
 2 files changed, 582 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e168227387c1287079529dea73729bd90ed384

commit d8e168227387c1287079529dea73729bd90ed384
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:12 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:12 +0000

    x11-drivers/nvidia-drivers: Remove old 450
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   3 -
 .../nvidia-drivers-450.80.02-r1.ebuild             | 578 ---------------------
 2 files changed, 581 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4a0b0e6360ae91c20819e9aea2024cef84df9dc

commit f4a0b0e6360ae91c20819e9aea2024cef84df9dc
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:09 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:09 +0000

    x11-drivers/nvidia-drivers: Remove old 440
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   3 -
 .../nvidia-drivers-440.100-r3.ebuild               | 575 ---------------------
 2 files changed, 578 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f5d2e1f6d18219ae2b1fab0df40724b95d163ee

commit 8f5d2e1f6d18219ae2b1fab0df40724b95d163ee
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:06 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:06 +0000

    x11-drivers/nvidia-drivers: Remove old 435
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   3 -
 .../nvidia-drivers/nvidia-drivers-435.21-r7.ebuild | 572 ---------------------
 2 files changed, 575 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10520b988206a8bdaccc01061c47a9f2c72239b0

commit 10520b988206a8bdaccc01061c47a9f2c72239b0
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:03 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:03 +0000

    x11-drivers/nvidia-drivers: Remove old 390
    
    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   6 -
 .../nvidia-drivers-390.138-r5.ebuild               | 591 ---------------------
 2 files changed, 597 deletions(-)
Comment 8 Alex Belits 2021-02-16 11:05:06 UTC
440.100 is the latest driver that is not affected by a bug that causes kernel NULL pointer dereference (see https://forums.developer.nvidia.com/t/bug-report-455-23-04-kernel-panic-due-to-null-pointer-dereference/155506/166 ).

It may be that 418.181.07 is the only fixed version prior to that bug (see https://nvidia.custhelp.com/app/answers/detail/a_id/5142 ) that supports current hardware.

Neither is now available in repository.

There is also a problem with CUDA support -- downgrading to 390.x or 418.x would mean that only CUDA up to version 9 is supported.