Bug#894338: nvidia-graphics-drivers: CVE-2018-6249, CVE-2018-6253: null pointer dereference and infinite recursion due to malformed shader
Luca Boccassi
bluca at debian.org
Thu Mar 29 11:54:37 UTC 2018
Control: found -1 384.111-4
Control: found -1 390.42-1Control: notfound -1 384.111
On Thu, 2018-03-29 at 11:11 +0100, Luca Boccassi wrote:
> Source: nvidia-graphics-drivers
> Version: 384.111
> Severity: serious
> Tags: security upstream
>
> http://nvidia.custhelp.com/app/answers/detail/a_id/4649
>
> CVE-2018-6249
>
> NVIDIA GPU Display Driver contains a vulnerability in kernel mode
> layer
> handler where a NULL pointer dereference may lead to denial of
> service
> or potential escalation of privileges.
>
> CVE-2018-6253
>
> NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
> OpenGL Usermode drivers where a specially crafted pixel shader can
> cause infinite recursion leading to denial of service.
>
> Fixed versions:
>
> R390 390.46
> R384 384.125
Andreas,
I've tested 384.130 on Stretch and it seems to be working fine (I've
only build-tested 390.48).
Is it worth going through backports or shall we just go directly to
stretch-p-u given the CVE?
--
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20180329/d337642f/attachment.sig>
More information about the pkg-nvidia-devel
mailing list