Bug#1033774: nvidia-graphics-drivers: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191

Andreas Beckmann anbe at debian.org
Sat Apr 1 09:02:02 BST 2023 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: tag -8 + wontfix
Control: close -8 510.85.02-2
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: found -9 515.48.07-1
Control: found -9 525.60.13-1
Control: reassign -10 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -10 nvidia-open-gpu-kernel-modules: CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183, CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191
Control: found -10 520.56.06-1
Control: found -10 525.85.12-1
Control: found -10 530.30.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: fixed -1 530.41.03-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5452

CVE-2023-0189 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, which may lead to code
execution, denial of service, escalation of privileges, information
disclosure, and data tampering.

CVE-2023-0184 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, which may lead to
denial of service, escalation of privileges, information disclosure, and
data tampering.

CVE-2023-0181 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in a kernel mode layer handler, where memory permissions
are not correctly checked, which may lead to denial of service and data
tampering.

CVE-2023-0191 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
access may lead to denial of service or data tampering.

CVE-2023-0183 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer where an out-of-bounds write can
lead to denial of service and data tampering.

CVE-2023-0180 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in a kernel mode layer handler, which may lead to denial
of service or information disclosure.

CVE-2023-0185 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where sign conversion issues may
lead to denial of service or information disclosure.

CVE-2023-0198 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where improper restriction of
operations within the bounds of a memory buffer can lead to denial of
service, information disclosure, and data tampering.

CVE-2023-0187 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
read can lead to denial of service.

CVE-2023-0199 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an out-of-bounds
write can lead to denial of service and data tampering.

CVE-2023-0190 	NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where a NULL pointer dereference
may lead to denial of service.

CVE-2023-0188 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer handler, where an unprivileged
user can cause an out-of-bounds read, which may lead to denial of
service.

CVE-2023-0194 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer driver, where an invalid
display configuration may lead to denial of service.

CVE-2023-0195 	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer driver, where an invalid
display configuration may lead to information disclosure.


Linux Driver Branch 	CVE IDs Addressed

R530, R525, R515 	CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
			CVE-2023-0183, CVE-2023-0185, CVE-2023-0187,
			CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
			CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
			CVE-2023-0191

R470 			CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
			CVE-2023-0185, CVE-2023-0187, CVE-2023-0198,
			CVE-2023-0199, CVE-2023-0188, CVE-2023-0190,
			CVE-2023-0194, CVE-2023-0195, CVE-2023-0191

R450 			CVE-2023-0184, CVE-2023-0189, CVE-2023-0180,
			CVE-2023-0185, CVE-2023-0198, CVE-2023-0199,
			CVE-2023-0188, CVE-2023-0190, CVE-2023-0194,
			CVE-2023-0195, CVE-2023-0191


Driver Branch 	Affected Driver Versions 			Updated Driver Version
R530		All driver versions prior to 530.41.03 		530.41.03
R525 		All driver versions prior to 525.105.17 	525.105.17
R515 		All driver versions prior to 515.105.01 	515.105.01
R470 		All driver versions prior to 470.182.03 	470.182.03
R450 		All driver versions prior to 450.236.01 	450.236.01


Andreas

More information about the pkg-nvidia-devel mailing list