Description Ionen Wolkens 2022-08-25 13:44:35 UTC

Late filing given missed it (looked around August 2 while bumping but it wasn't up yet)

Fixed versions already stabled and vulnerable been dropped either way (may or may not be fixed in yesterday's vulkan branch 515.49.14:0/vulkan, but that's permanently masked with a security warning either way).

CVE-2022-31607:
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.

CVE-2022-31608:
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

About ^ for Gentoo:
Like a few other distros, that dbus file was non-optional and installed to /usr/share/dbus-1/system.d for versions between 510.39.01 to 510.73.05 (was also in 515.43.07 but that version was never keyworded), but was later moved to /usr/share/doc over potential concerns (which in part became this CVE), so 510.73.05-r1 and all keyworded 515.xx were not affected unless users copied themselves. Was reinstated as a default in the current fixed versions.

CVE-2022-31615:
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.