Late filing given missed it (looked around August 2 while bumping but it wasn't up yet) Fixed versions already stabled and vulnerable been dropped either way (may or may not be fixed in yesterday's vulkan branch 515.49.14:0/vulkan, but that's permanently masked with a security warning either way). CVE-2022-31607: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. CVE-2022-31608: NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. About ^ for Gentoo: Like a few other distros, that dbus file was non-optional and installed to /usr/share/dbus-1/system.d for versions between 510.39.01 to 510.73.05 (was also in 515.43.07 but that version was never keyworded), but was later moved to /usr/share/doc over potential concerns (which in part became this CVE), so 510.73.05-r1 and all keyworded 515.xx were not affected unless users copied themselves. Was reinstated as a default in the current fixed versions. CVE-2022-31615: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
>may or may not be fixed in yesterday's vulkan branch 515.49.14:0/vulkan, >but that's permanently masked with a security warning either way Well, given can look at that one, can confirm at least the dbus file been fixed since the earlier 515.49.10:0/vulkan
Thank you for filing!
GLSA request filed
