CVE-2021-1090: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service.

CVE-2021-1093: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.

CVE-2021-1094: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.

CVE-2021-1095: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.

-1090 isn't mentioned in the security updates matrix, is it somehow unfixed? In any case please bump.
Three of the fixed versions (390.144, 460.91.03, and 471.56.01) are already in tree. For the 450 branch, I see a mention of 450.142.00; however, I can't find the release on NVIDIA sites yet. May consider simply dropping the 450 branch soon.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38e02eb3ac57e490bec4947d8a4b8ef2670f238d

commit 38e02eb3ac57e490bec4947d8a4b8ef2670f238d
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-22 15:05:16 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-22 15:06:54 +0000

    x11-drivers/nvidia-drivers: drop vuln 470.42.01

    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 7 -
 .../nvidia-drivers/nvidia-drivers-470.42.01.ebuild | 445 ---------------------
 2 files changed, 452 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26bc27ab8c9db458f770f4110597534c5563b064

commit 26bc27ab8c9db458f770f4110597534c5563b064
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-22 15:03:22 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-22 15:06:54 +0000

    x11-drivers/nvidia-drivers: drop vuln 450.119.03, end of 450 branch

    There is little reason for this branch to be supported anymore,
    please use 460 or 470 instead.

    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 7 -
 x11-drivers/nvidia-drivers/files/nvidia-450.conf | 30 --
 .../nvidia-drivers-450.119.03.ebuild | 427 ---------------------
 3 files changed, 464 deletions(-)
Non-affected 390.144 and 460.91.03 will be stabled in a week if no issues. 470.xx does not currently have a stable version, but the last affected version is now gone from the tree, leaving only 470.57.02. 460.67, also affected by other security issues, will be removed in roughly 2 weeks alongside 460.84 and 390.143.
> -1090 isn't mentioned in the security updates matrix, is it somehow unfixed?

It's listing fixes for the Windows version: https://nvidia.custhelp.com/app/answers/detail/a_id/5211

Not that I know what to make of this.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=101892cf29ae0aaa85102a8480a4bf64e5697ac2

commit 101892cf29ae0aaa85102a8480a4bf64e5697ac2
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-28 23:05:41 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-29 01:20:14 +0000

    x11-drivers/nvidia-drivers: stabilize 460.91.03 for amd64

    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/nvidia-drivers-460.91.03.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c898833de6e52e31b9e9a9be3983d30672e4acc

commit 1c898833de6e52e31b9e9a9be3983d30672e4acc
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-28 23:05:00 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-29 01:20:13 +0000

    x11-drivers/nvidia-drivers: stabilize 390.144 for amd64, x86

    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/nvidia-drivers-390.144.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=898e69fdce10d2b108edd53730bc4468ac96b80c

commit 898e69fdce10d2b108edd53730bc4468ac96b80c
Author: Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-08-02 16:19:07 +0000
Commit: Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-08-02 16:21:03 +0000

    x11-drivers/nvidia-drivers: drop vulnerable 390.143-r1, 460.84

    Bug: https://bugs.gentoo.org/803389
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest | 14 -
 .../nvidia-drivers-390.143-r1.ebuild | 406 --------------------
 .../nvidia-drivers/nvidia-drivers-460.84.ebuild | 420 ---------------------
 3 files changed, 840 deletions(-)
Thanks Ionen!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0200868c5e75eb57e7355dc8786db0f79271aa3

commit e0200868c5e75eb57e7355dc8786db0f79271aa3
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-03 12:45:00 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-03 12:47:03 +0000

    [ GLSA 202310-02 ] NVIDIA Drivers: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/764512
    Bug: https://bugs.gentoo.org/784596
    Bug: https://bugs.gentoo.org/803389
    Bug: https://bugs.gentoo.org/832867
    Bug: https://bugs.gentoo.org/845063
    Bug: https://bugs.gentoo.org/866527
    Bug: https://bugs.gentoo.org/881341
    Bug: https://bugs.gentoo.org/884045
    Bug: https://bugs.gentoo.org/903614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-02.xml | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 131 insertions(+)