Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 803389 (CVE-2021-1090, CVE-2021-1093, CVE-2021-1094, CVE-2021-1095) - <x11-drivers/nvidia-drivers-{390.144,460.91.03,471.56.01}: multiple vulnerabilities (CVE-2021-{1090,1093,1094,1095})
Summary: <x11-drivers/nvidia-drivers-{390.144,460.91.03,471.56.01}: multiple vulnerabi...
Status: IN_PROGRESS
Alias: CVE-2021-1090, CVE-2021-1093, CVE-2021-1094, CVE-2021-1095
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://nvidia.custhelp.com/app/answe...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-22 14:49 UTC by John Helmert III
Modified: 2021-08-06 21:19 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-07-22 14:49:34 UTC
CVE-2021-1090:

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service.

CVE-2021-1093:

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.

CVE-2021-1094:

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.

CVE-2021-1095:

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.


-1090 isn't mentioned in the security updates matrix, is it somehow unfixed?

In any case please bump.
Comment 1 Ionen Wolkens gentoo-dev 2021-07-22 14:58:04 UTC
Three of the fixed versions (390.144, 460.91.03, and 471.56.01), are already in tree.

For 450 branch, I see a mention of 450.142.00 however I can't find the release on nvidia sites yet. May consider simply dropping the 450 branch soon.
Comment 2 Larry the Git Cow gentoo-dev 2021-07-22 15:08:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38e02eb3ac57e490bec4947d8a4b8ef2670f238d

commit 38e02eb3ac57e490bec4947d8a4b8ef2670f238d
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-22 15:05:16 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-22 15:06:54 +0000

    x11-drivers/nvidia-drivers: drop vuln 470.42.01
    
    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   7 -
 .../nvidia-drivers/nvidia-drivers-470.42.01.ebuild | 445 ---------------------
 2 files changed, 452 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26bc27ab8c9db458f770f4110597534c5563b064

commit 26bc27ab8c9db458f770f4110597534c5563b064
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-22 15:03:22 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-22 15:06:54 +0000

    x11-drivers/nvidia-drivers: drop vuln 450.119.03, end of 450 branch
    
    There is little reason for this branch to be supported anymore,
    please use 460 or 470 instead.
    
    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |   7 -
 x11-drivers/nvidia-drivers/files/nvidia-450.conf   |  30 --
 .../nvidia-drivers-450.119.03.ebuild               | 427 ---------------------
 3 files changed, 464 deletions(-)
Comment 3 Ionen Wolkens gentoo-dev 2021-07-22 15:12:22 UTC
Non-affected 390.144 and 460.91.03 will be stabled in a week if no issues.

470.xx does not currently have a stable version, but last affected version is now gone from the tree leaving only 470.57.02.

460.67 also affected by other security issues will be removed in roughly 2 weeks alongside 460.84 and 390.143
Comment 4 Ionen Wolkens gentoo-dev 2021-07-22 15:58:40 UTC
>-1090 isn't mentioned in the security updates matrix, is it somehow unfixed?
It's listing fixes for the windows version:
https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Not that I know what to make of this.
Comment 5 Larry the Git Cow gentoo-dev 2021-07-29 01:22:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=101892cf29ae0aaa85102a8480a4bf64e5697ac2

commit 101892cf29ae0aaa85102a8480a4bf64e5697ac2
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-28 23:05:41 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-29 01:20:14 +0000

    x11-drivers/nvidia-drivers: stabilize 460.91.03 for amd64
    
    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/nvidia-drivers-460.91.03.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c898833de6e52e31b9e9a9be3983d30672e4acc

commit 1c898833de6e52e31b9e9a9be3983d30672e4acc
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-28 23:05:00 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-29 01:20:13 +0000

    x11-drivers/nvidia-drivers: stabilize 390.144 for amd64, x86
    
    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/nvidia-drivers-390.144.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:20:37 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 17:28:39 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 17:36:39 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 17:44:41 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2021-07-29 17:52:45 UTC Comment hidden (obsolete)
Comment 11 NATTkA bot gentoo-dev 2021-07-29 17:56:40 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-07-29 18:00:40 UTC Comment hidden (obsolete)
Comment 13 NATTkA bot gentoo-dev 2021-07-29 18:08:58 UTC Comment hidden (obsolete)
Comment 14 Larry the Git Cow gentoo-dev 2021-08-02 16:33:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=898e69fdce10d2b108edd53730bc4468ac96b80c

commit 898e69fdce10d2b108edd53730bc4468ac96b80c
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-08-02 16:19:07 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-08-02 16:21:03 +0000

    x11-drivers/nvidia-drivers: drop vulnerable 390.143-r1, 460.84
    
    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |  14 -
 .../nvidia-drivers-390.143-r1.ebuild               | 406 --------------------
 .../nvidia-drivers/nvidia-drivers-460.84.ebuild    | 420 ---------------------
 3 files changed, 840 deletions(-)
Comment 15 John Helmert III gentoo-dev Security 2021-08-06 21:19:48 UTC
Thanks Ionen!