Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:13614125623111220233418HistoryMay 12, 2023 - 12:00 a.m.
Debian: Security Advisory (DLA-3418-1)
2023-05-1200:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
1
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
13.4%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.1.2.2023.3418");
script_cve_id("CVE-2022-34670", "CVE-2022-34674", "CVE-2022-34675", "CVE-2022-34677", "CVE-2022-34680", "CVE-2022-42257", "CVE-2022-42258", "CVE-2022-42259");
script_tag(name:"creation_date", value:"2023-05-12 04:20:36 +0000 (Fri, 12 May 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-01-11 20:14:51 +0000 (Wed, 11 Jan 2023)");
script_name("Debian: Security Advisory (DLA-3418-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB10");
script_xref(name:"Advisory-ID", value:"DLA-3418-1");
script_xref(name:"URL", value:"https://www.debian.org/lts/security/2023/DLA-3418-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/nvidia-graphics-drivers-legacy-390xx");
script_xref(name:"URL", value:"https://wiki.debian.org/LTS");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'nvidia-graphics-drivers-legacy-390xx' package(s) announced via the DLA-3418-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"NVIDIA has released a software security update for the NVIDIA GPU Display Driver R390 linux driver branch. This update addresses issues that may lead to denial of service, escalation of privileges, information disclosure, data tampering or undefined behavior.
CVE-2022-34670
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
CVE-2022-34674
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.
CVE-2022-34675
NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service.
CVE-2022-34677
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
CVE-2022-34680
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.
CVE-2022-42257
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.
CVE-2022-42258
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.
CVE-2022-42259
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.
For Debian 10 buster, these problems have been fixed in version 390.157-1~deb10u1.
We recommend that you upgrade your nvidia-graphics-drivers-legacy-390xx packages.
For the detailed security status of nvidia-graphics-drivers-legacy-390xx please refer to its security tracker page at: [link moved to references]
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");
script_tag(name:"affected", value:"'nvidia-graphics-drivers-legacy-390xx' package(s) on Debian 10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB10") {
if(!isnull(res = isdpkgvuln(pkg:"libegl-nvidia-legacy-390xx0", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libegl1-nvidia-legacy-390xx", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgl1-nvidia-legacy-390xx-glvnd-glx", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgl1-nvidia-legacy-390xx-glx", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgles-nvidia-legacy-390xx1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libgles-nvidia-legacy-390xx2", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libglx-nvidia-legacy-390xx0", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-cfg1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-compiler", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-cuda1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-cuda1-i386", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-eglcore", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-encode1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-fatbinaryloader", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-fbc1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-glcore", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-ifr1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-ml1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-nvcuvid1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnvidia-legacy-390xx-ptxjitcompiler1", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-alternative", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-driver", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-driver-bin", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-driver-libs", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-driver-libs-i386", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-driver-libs-nonglvnd", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-driver-libs-nonglvnd-i386", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-egl-icd", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-kernel-dkms", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-kernel-source", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-kernel-support", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-nonglvnd-vulkan-icd", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-opencl-icd", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-smi", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-vdpau-driver", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"nvidia-legacy-390xx-vulkan-icd", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"xserver-xorg-video-nvidia-legacy-390xx", ver:"390.157-1~deb10u1", rls:"DEB10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
NVIDIA Virtual GPU Manager Multiple Vulnerabilities (November 2022)
2023-09-14 00:00:00
NVIDIA Linux GPU Display Driver (Nov 2022)
2022-12-02 00:00:00
osv
osv
nvidia-graphics-drivers-legacy-390xx - security update
2023-05-11 00:00:00
debian
debian
[SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update
2023-05-11 15:03:27
nvidia
nvidia
Security Bulletin: NVIDIA GPU Display Driver - November 2022
2022-11-29 00:00:00
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2022-12-30 23:15:00
Null pointer dereference
2022-12-30 23:15:00
Integer overflow
2022-12-30 23:15:00
cve
cve
debiancve
debiancve
gentoo
gentoo
NVIDIA Drivers: Multiple Vulnerabilities
2023-10-03 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
13.4%
Related for OPENVAS:13614125623111220233418