CVE-2021-1052: NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.
CVE-2021-1053: NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.
CVE-2021-1056: NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.
So, branches 450 and 460 will get a fix the week of January 18th for Tesla devices, but the currently released fixed versions for other devices are 390.141, 450.102.04, and 460.32.03.
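A check of a host's driver against the fixed versions listed in the description above, as an added example that is not part of the bug report or of Gentoo's tooling. The function names are hypothetical, and it assumes GNU `sort -V` plus the usual `/proc/driver/nvidia/version` or `modinfo` interfaces; branches the description does not list are reported as `unknown` rather than guessed.

```shell
#!/bin/sh
# Added example: per-branch fixed versions are copied from the bug description
# (390.141, 450.102.04, 460.32.03). Function names are hypothetical.

# fixed_for_branch BRANCH: print the first fixed version for that branch.
fixed_for_branch() {
    case "$1" in
        390) echo 390.141 ;;
        450) echo 450.102.04 ;;
        460) echo 460.32.03 ;;
        *)   return 1 ;;    # branch not covered by the description
    esac
}

# version_ge A B: succeed when A >= B under version ordering (GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify VERSION: print fixed, vulnerable or unknown.
classify() {
    ver=$1
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # empty or malformed input
    esac
    branch=${ver%%.*}
    if ! fixed=$(fixed_for_branch "$branch"); then
        echo unknown
        return 0
    fi
    if version_ge "$ver" "$fixed"; then echo fixed; else echo vulnerable; fi
}

# installed_version: version of the loaded module, else of the module on disk.
installed_version() {
    if [ -r /proc/driver/nvidia/version ]; then
        sed -n 's/.*Kernel Module  *\([0-9][0-9.]*\).*/\1/p' \
            /proc/driver/nvidia/version | head -n 1
    else
        modinfo -F version nvidia 2>/dev/null
    fi
}

# Classify the version given as $1, or the installed driver when none is given.
classify "${1:-$(installed_version)}"
```

A result of `unknown` means the branch needs a manual look at the vendor bulletin; the loaded module can also lag behind the installed package until the module is reloaded or the host is rebooted.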
Is there any indication when nvidia-drivers-460.32.03 will be added to portage due to the security bugs?
Ping, looks like everything has been bumped upstream.
Been testing 460.39 and I don't readily see any issues with it, if anything it has some important fixes on top of everything else and may be a good candidate for the next stable when we get there.
I am running 390.141 with kernel 5.10.10-alb (with a minimum patch which fixes a long-standing (for years) bug with broken ddc communications), so far everything seems ok.
(In reply to Alexander Bezrukov from comment #4)
> I am running 390.141 with kernel 5.10.10-alb (with a minimum patch which
> fixes a long-standing (for years) bug with broken ddc communications), so
> far everything seems ok.
Sorry, typo, the kernel is vanilla 5.10.10.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eac4960f316903a54acbf5ad0226b0ea2f06610c
commit eac4960f316903a54acbf5ad0226b0ea2f06610c
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-08 08:57:22 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-08 08:57:22 +0000

    x11-drivers/nvidia-drivers: Version bump to 460.39

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 2 +
 .../nvidia-drivers/nvidia-drivers-460.39.ebuild | 578 +++++++++++++++++++++
 2 files changed, 580 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bd4a386e620ffc386a0ea0edb895985459d921c
commit 7bd4a386e620ffc386a0ea0edb895985459d921c
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-08 08:57:16 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-08 08:57:16 +0000

    x11-drivers/nvidia-drivers: Version bump to 450.102.04

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 3 +
 .../nvidia-drivers-450.102.04.ebuild | 578 +++++++++++++++++++++
 2 files changed, 581 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ec1f2d8486971cfb13e6ae5faa9874e35819377
commit 9ec1f2d8486971cfb13e6ae5faa9874e35819377
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-08 08:57:10 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-08 08:57:10 +0000

    x11-drivers/nvidia-drivers: Version bump to 390.141

    Bug: https://bugs.gentoo.org/764512
    Closes: https://bugs.gentoo.org/767349
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 6 +
 .../nvidia-drivers/nvidia-drivers-390.141.ebuild | 591 +++++++++++++++++++++
 2 files changed, 597 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a1d1797777b3a3caebd1f8887e74c314626312b
commit 5a1d1797777b3a3caebd1f8887e74c314626312b
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:18 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:18 +0000

    x11-drivers/nvidia-drivers: Remove old 460

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 3 -
 x11-drivers/nvidia-drivers/metadata.xml | 2 -
 .../nvidia-drivers/nvidia-drivers-460.27.04.ebuild | 578 ---------------------
 3 files changed, 583 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bb7ee9562316f7a481e9882f214629b1c0576fc
commit 0bb7ee9562316f7a481e9882f214629b1c0576fc
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:15 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:15 +0000

    x11-drivers/nvidia-drivers: Remove old 455

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 3 -
 .../nvidia-drivers-455.45.01-r1.ebuild | 579 ---------------------
 2 files changed, 582 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8e168227387c1287079529dea73729bd90ed384
commit d8e168227387c1287079529dea73729bd90ed384
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:12 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:12 +0000

    x11-drivers/nvidia-drivers: Remove old 450

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 3 -
 .../nvidia-drivers-450.80.02-r1.ebuild | 578 ---------------------
 2 files changed, 581 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4a0b0e6360ae91c20819e9aea2024cef84df9dc
commit f4a0b0e6360ae91c20819e9aea2024cef84df9dc
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:09 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:09 +0000

    x11-drivers/nvidia-drivers: Remove old 440

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 3 -
 .../nvidia-drivers-440.100-r3.ebuild | 575 ---------------------
 2 files changed, 578 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f5d2e1f6d18219ae2b1fab0df40724b95d163ee
commit 8f5d2e1f6d18219ae2b1fab0df40724b95d163ee
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:06 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:06 +0000

    x11-drivers/nvidia-drivers: Remove old 435

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 3 -
 .../nvidia-drivers/nvidia-drivers-435.21-r7.ebuild | 572 ---------------------
 2 files changed, 575 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10520b988206a8bdaccc01061c47a9f2c72239b0
commit 10520b988206a8bdaccc01061c47a9f2c72239b0
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2021-02-14 14:22:03 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-02-14 14:22:03 +0000

    x11-drivers/nvidia-drivers: Remove old 390

    Bug: https://bugs.gentoo.org/764512
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: David Seifert <soap@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 6 -
 .../nvidia-drivers-390.138-r5.ebuild | 591 ---------------------
 2 files changed, 597 deletions(-)
440.100 is the latest driver that is not affected by a bug that causes a kernel NULL pointer dereference (see https://forums.developer.nvidia.com/t/bug-report-455-23-04-kernel-panic-due-to-null-pointer-dereference/155506/166 ). It may be that 418.181.07 is the only fixed version prior to that bug (see https://nvidia.custhelp.com/app/answers/detail/a_id/5142 ) that supports current hardware. Neither is now available in the repository. There is also a problem with CUDA support -- downgrading to 390.x or 418.x would mean that only CUDA up to version 9 is supported.