NVIDIA issued a new Security Bulletin, to advise you to update your GPU drivers due to multiple security issues discovered. This bulletin went out today with the email arriving in my inbox moments ago, so here's the details of the issues that affect Linux.
Firstly all driver versions below these are affected: 530.41.03, 525.105.17, 515.105.01 and 470.182.03. So make sure you upgrade if you're on a driver below the version number listed there in each series. The driver actual series doesn't matter, they fixed it it all listed.
Here's what issues affected just Linux or Windows and Linux together:
- CVE-2023-0189 - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.;
- CVE‑2023‑0184 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
- CVE-2023-0181 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.
- CVE-2023-0191 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.
- CVE-2023-0183 - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering.
- CVE-2023-0180 - NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.
- CVE-2023-0185 - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues may lead to denial of service or information disclosure.
- CVE-2023-0198 - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.
- CVE-2023-0187 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.
- CVE-2023-0199 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.
- CVE-2023-0190 - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.
- CVE-2023-0188 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause an out-of-bounds read, which may lead to denial of service.
- CVE-2023-0194 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.
- CVE-2023-0195 - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to information disclosure.
Driver versions 525.105.17 and 470.182.03 were released today, which along with the security fixes also address other issues (other drivers already out had the fixes). For driver 525.105.17 this is the changelog:
- Fixed a bug that could cause the nvidia-settings control panel to crash when resetting the display layout.
- Fixed a bug that could cause excessive GPU power consumption at idle when driving multiple displays with a high refresh rate.
- Fixed a bug in nvidia-powerd which could cause excessive CPU usage.
- Fixed an issue which could cause applications to run at 1 FPS when using an NVIDIA PRIME Display Offload sink as the only active display.
- Added compatibility for Linux kernels with Indirect Branch Tracking (IBT).
- Fixed a bug that could cause fullscreen PRIME Render Offload applications and/or X to crash when an NVIDIA GPU is driving multiple displays with Reverse PRIME.
- Added support for console restoration when using simpledrm.
- Updated nvidia-modprobe to create symbolic links in /dev/char when creating the /dev/nvidia* device nodes. This resolves an issue that prevented the device nodes from working with newer versions of runc:
https://github.com/opencontainers/runc/issues/
And for 470.182.03:
- Fixed an issue where HDMI audio output was not working in some cases, especially with high display refresh rates (120Hz, 100Hz, etc.) using Fixed Rate Link (FRL) transmission mode.
See the full details in their new announcement.
See more from me