nvidia-drivers:0/390 is not listed but most likely affected, it has reached EOL and nvidia is no longer listing/tracking it. It'll be kept in tree (for old hardware to use) but is now masked with a security notice like the 0/vulkan branch. fwiw the only 0/530 that was affected was never keyworded, and been dropped a while ago. Fixed versions are already in tree, waiting on 3x stable + cleanup. CVE-2023-0180: NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. CVE-2023-0181: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. CVE-2023-0184: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2023-0183: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. CVE-2023-0185: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues may lead to denial of service or information disclosure. CVE-2023-0187: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. CVE-2023-0188: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause an out-of-bounds read, which may lead to denial of service. CVE-2023-0189: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2023-0190: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. CVE-2023-0191: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. CVE-2023-0194: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. CVE-2023-0195: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to information disclosure. CVE-2023-0198: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. CVE-2023-0199: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a8a8578822f99f0a63da6c06c9bce4b1c36a756 commit 1a8a8578822f99f0a63da6c06c9bce4b1c36a756 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2023-04-05 12:44:09 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2023-04-05 13:22:29 +0000 x11-drivers/nvidia-drivers: drop 470.161.03, 515.86.01, 525.89.02 Clears up all vulnerable versions wrt bug #903614, not counting the ones that are permanently masked (so, all done tree-wise). Bug: https://bugs.gentoo.org/903614 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 22 - .../nvidia-drivers-470.161.03.ebuild | 576 ------------------- .../nvidia-drivers/nvidia-drivers-515.86.01.ebuild | 633 --------------------- .../nvidia-drivers/nvidia-drivers-525.89.02.ebuild | 631 -------------------- 4 files changed, 1862 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d188b120bf5ace93676cfc42a37fc27148996166 commit d188b120bf5ace93676cfc42a37fc27148996166 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2023-04-05 12:43:09 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2023-04-05 13:21:53 +0000 x11-drivers/nvidia-drivers: stabilize 525.105.17 for amd64 Bug: https://bugs.gentoo.org/903614 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/nvidia-drivers-525.105.17.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0cbabff70d6e3925de598587f814a37f5c21a1c commit e0cbabff70d6e3925de598587f814a37f5c21a1c Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2023-04-05 12:42:46 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2023-04-05 13:21:52 +0000 x11-drivers/nvidia-drivers: stabilize 515.105.01 for amd64 Bug: https://bugs.gentoo.org/903614 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/nvidia-drivers-515.105.01.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=629d57db807f5382494367734a16eb6a73f26e52 commit 629d57db807f5382494367734a16eb6a73f26e52 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2023-04-05 12:42:24 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2023-04-05 13:21:52 +0000 x11-drivers/nvidia-drivers: stabilize 470.182.03 for amd64 Bug: https://bugs.gentoo.org/903614 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/nvidia-drivers-470.182.03.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thank you!
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0200868c5e75eb57e7355dc8786db0f79271aa3 commit e0200868c5e75eb57e7355dc8786db0f79271aa3 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-03 12:45:00 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-10-03 12:47:03 +0000 [ GLSA 202310-02 ] NVIDIA Drivers: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/764512 Bug: https://bugs.gentoo.org/784596 Bug: https://bugs.gentoo.org/803389 Bug: https://bugs.gentoo.org/832867 Bug: https://bugs.gentoo.org/845063 Bug: https://bugs.gentoo.org/866527 Bug: https://bugs.gentoo.org/881341 Bug: https://bugs.gentoo.org/884045 Bug: https://bugs.gentoo.org/903614 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202310-02.xml | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+)
