CVE-2021-1052: NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. CVE-2021-1053: NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. CVE-2021-1056: NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. So, branches 450 and 460 will get a fix the week of January 18th for Tesla devices, but the currently released fixed versions for other devices are 390.141, 450.102.04, and 460.32.03.
Is there any indication when nvidia-drivers-460.32.03 will be added to portage due to the security bugs?
Ping, looks like everything has been bumped upstream.
Been testing 460.39 and I don't readily see any issues with it, if anything it has some important fixes on top of everything else and may be a good candidate for the next stable when we get there.
I am running 390.141 with kernel 5.10.10-alb (with a minimum patch which fixes a long-standing (for years) bug with broken ddc communications), so far everything seems ok.
(In reply to Alexander Bezrukov from comment #4) > I am running 390.141 with kernel 5.10.10-alb (with a minimum patch which > fixes a long-standing (for years) bug with broken ddc communications), so > far everything seems ok. Sorry, typo, the kernel is vanilla 5.10.10.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eac4960f316903a54acbf5ad0226b0ea2f06610c commit eac4960f316903a54acbf5ad0226b0ea2f06610c Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-08 08:57:22 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-08 08:57:22 +0000 x11-drivers/nvidia-drivers: Version bump to 460.39 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 2 + .../nvidia-drivers/nvidia-drivers-460.39.ebuild | 578 +++++++++++++++++++++ 2 files changed, 580 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bd4a386e620ffc386a0ea0edb895985459d921c commit 7bd4a386e620ffc386a0ea0edb895985459d921c Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-08 08:57:16 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-08 08:57:16 +0000 x11-drivers/nvidia-drivers: Version bump to 450.102.04 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 3 + .../nvidia-drivers-450.102.04.ebuild | 578 +++++++++++++++++++++ 2 files changed, 581 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ec1f2d8486971cfb13e6ae5faa9874e35819377 commit 9ec1f2d8486971cfb13e6ae5faa9874e35819377 Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-08 08:57:10 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-08 08:57:10 +0000 x11-drivers/nvidia-drivers: Version bump to 390.141 Bug: https://bugs.gentoo.org/764512 Closes: https://bugs.gentoo.org/767349 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 6 + .../nvidia-drivers/nvidia-drivers-390.141.ebuild | 591 +++++++++++++++++++++ 2 files changed, 597 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a1d1797777b3a3caebd1f8887e74c314626312b commit 5a1d1797777b3a3caebd1f8887e74c314626312b Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-14 14:22:18 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-14 14:22:18 +0000 x11-drivers/nvidia-drivers: Remove old 460 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 3 - x11-drivers/nvidia-drivers/metadata.xml | 2 - .../nvidia-drivers/nvidia-drivers-460.27.04.ebuild | 578 --------------------- 3 files changed, 583 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bb7ee9562316f7a481e9882f214629b1c0576fc commit 0bb7ee9562316f7a481e9882f214629b1c0576fc Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-14 14:22:15 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-14 14:22:15 +0000 x11-drivers/nvidia-drivers: Remove old 455 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 3 - .../nvidia-drivers-455.45.01-r1.ebuild | 579 --------------------- 2 files changed, 582 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e168227387c1287079529dea73729bd90ed384 commit d8e168227387c1287079529dea73729bd90ed384 Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-14 14:22:12 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-14 14:22:12 +0000 x11-drivers/nvidia-drivers: Remove old 450 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 3 - .../nvidia-drivers-450.80.02-r1.ebuild | 578 --------------------- 2 files changed, 581 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4a0b0e6360ae91c20819e9aea2024cef84df9dc commit f4a0b0e6360ae91c20819e9aea2024cef84df9dc Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-14 14:22:09 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-14 14:22:09 +0000 x11-drivers/nvidia-drivers: Remove old 440 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 3 - .../nvidia-drivers-440.100-r3.ebuild | 575 --------------------- 2 files changed, 578 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f5d2e1f6d18219ae2b1fab0df40724b95d163ee commit 8f5d2e1f6d18219ae2b1fab0df40724b95d163ee Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-14 14:22:06 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-14 14:22:06 +0000 x11-drivers/nvidia-drivers: Remove old 435 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 3 - .../nvidia-drivers/nvidia-drivers-435.21-r7.ebuild | 572 --------------------- 2 files changed, 575 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10520b988206a8bdaccc01061c47a9f2c72239b0 commit 10520b988206a8bdaccc01061c47a9f2c72239b0 Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-02-14 14:22:03 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-02-14 14:22:03 +0000 x11-drivers/nvidia-drivers: Remove old 390 Bug: https://bugs.gentoo.org/764512 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: David Seifert <soap@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 6 - .../nvidia-drivers-390.138-r5.ebuild | 591 --------------------- 2 files changed, 597 deletions(-)
440.100 is the latest driver that is not affected by a bug that causes kernel NULL pointer dereference (see https://forums.developer.nvidia.com/t/bug-report-455-23-04-kernel-panic-due-to-null-pointer-dereference/155506/166 ). It may be that 418.181.07 is the only fixed version prior to that bug (see https://nvidia.custhelp.com/app/answers/detail/a_id/5142 ) that supports current hardware. Neither is now available in repository. There is also a problem with CUDA support -- downgrading to 390.x or 418.x would mean that only CUDA up to version 9 is supported.
(In reply to Alex Belits from comment #8) > 440.100 is the latest driver that is not affected by a bug that causes > kernel NULL pointer dereference This issue is generally reported to be fixed in current drivers, some reports say 460.39 is fine and there were many reports on nvidia forums that 460.56 is. 440.100 will not be brought back
Package list is empty or all packages have requested keywords.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0200868c5e75eb57e7355dc8786db0f79271aa3 commit e0200868c5e75eb57e7355dc8786db0f79271aa3 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-03 12:45:00 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-10-03 12:47:03 +0000 [ GLSA 202310-02 ] NVIDIA Drivers: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/764512 Bug: https://bugs.gentoo.org/784596 Bug: https://bugs.gentoo.org/803389 Bug: https://bugs.gentoo.org/832867 Bug: https://bugs.gentoo.org/845063 Bug: https://bugs.gentoo.org/866527 Bug: https://bugs.gentoo.org/881341 Bug: https://bugs.gentoo.org/884045 Bug: https://bugs.gentoo.org/903614 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202310-02.xml | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+)
