Bug#1093908: nvidia-graphics-drivers: CVE-2024-0150, CVE-2024-0147, CVE-2024-53869, CVE-2024-0131, CVE-2024-0149

Andreas Beckmann anbe at debian.org
Thu Jan 23 23:58:46 GMT 2025 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: tag -7 + wontfix
Control: severity -7 important
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -9 555.42.02-1
Control: found -9 560.28.03-1
Control: found -9 565.57.01-1
Control: reassign -10 src:nvidia-graphics-drivers-tesla-535 535.216.01-1
Control: retitle -10 nvidia-graphics-drivers-tesla-535: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: found -1 555.42.02-1
Control: found -1 560.28.03-1
Control: found -1 565.57.01-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5614

CVE-2024-0150 	NVIDIA GPU display driver for Windows and Linux contains
a vulnerability where data is written past the end or before the
beginning of a buffer. A successful exploit of this vulnerability might
lead to information disclosure, denial of service, or data tampering.

CVE-2024-0147 	NVIDIA GPU display driver for Windows and Linux contains
a vulnerability where referencing memory after it has been freed can
lead to denial of service or data tampering.

CVE-2024-53869 	NVIDIA Unified Memory driver for Linux contains a
vulnerability where an attacker could leak uninitialized memory. A
successful exploit of this vulnerability might lead to information
disclosure.

CVE-2024-0131 	NVIDIA GPU kernel driver for Windows and Linux contains
a vulnerability where a potential user-mode attacker could read  a
buffer with an incorrect length. A successful exploit of this
vulnerability might lead to denial of service.

CVE-2024-0149 	NVIDIA GPU Display Driver for Linux contains a
vulnerability which could allow an attacker unauthorized access to
files. A successful exploit of this vulnerability might lead to limited
information disclosure.

Linux Driver Branch 	CVEs Addressed
R550 			CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869
R535 			CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150

Driver Branch 	Affected Driver Versions 			Updated Driver Version
R550 		All driver versions prior to 550.144.03 	550.144.03
R535 		All driver versions prior to 535.230.02 	535.230.02

Andreas

More information about the pkg-nvidia-devel mailing list