CVE-2022-34677

NameCVE-2022-34677
DescriptionNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3418-1
Debian Bugs1025279, 1025280, 1025281, 1025282, 1025283, 1025284, 1025285, 1025286, 1025287

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nvidia-graphics-drivers (PTS)buster/non-free418.226.00-3vulnerable
bullseye/non-free470.223.02-1fixed
bookworm/non-free-firmware525.147.05-4~deb12u1fixed
trixie/non-free-firmware525.147.05-10fixed
sid/non-free-firmware535.161.08-1fixed
nvidia-graphics-drivers-legacy-340xx (PTS)buster/non-free340.108-3~deb10u1vulnerable
sid/non-free340.108-21vulnerable
nvidia-graphics-drivers-legacy-390xx (PTS)buster/non-free390.154-1~deb10u1vulnerable
buster/non-free (security)390.157-1~deb10u1fixed
bullseye/non-free390.157-1~deb11u1fixed
sid/non-free390.157-6fixed
nvidia-graphics-drivers-tesla (PTS)bookworm/non-free-firmware525.147.05-4~deb12u1fixed
trixie/non-free-firmware525.147.05-7fixed
sid/non-free-firmware525.147.05-10fixed
nvidia-graphics-drivers-tesla-418 (PTS)bullseye/non-free418.226.00-6~deb11u1vulnerable
sid/non-free418.226.00-13vulnerable
nvidia-graphics-drivers-tesla-450 (PTS)bullseye/non-free450.248.02-1~deb11u1fixed
sid/non-free450.248.02-4fixed
nvidia-graphics-drivers-tesla-460 (PTS)bullseye/non-free460.106.00-6~deb11u1fixed
sid/non-free460.106.00-14fixed
nvidia-graphics-drivers-tesla-470 (PTS)bullseye/non-free470.223.02-2~deb11u1fixed
bookworm/non-free470.223.02-2~deb12u1fixed
sid/non-free, trixie/non-free470.239.06-1fixed
nvidia-open-gpu-kernel-modules (PTS)bookworm/contrib525.147.05-1~deb12u1fixed
trixie/contrib525.147.05-3fixed
sid/contrib535.161.08-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nvidia-graphics-driverssourcebullseye470.161.03-1
nvidia-graphics-driverssource(unstable)510.108.03-11025279
nvidia-graphics-drivers-legacy-340xxsource(unstable)(unfixed)1025280
nvidia-graphics-drivers-legacy-390xxsourcebuster390.157-1~deb10u1DLA-3418-1
nvidia-graphics-drivers-legacy-390xxsourcebullseye390.157-1~deb11u1
nvidia-graphics-drivers-legacy-390xxsource(unstable)390.157-11025281
nvidia-graphics-drivers-teslasource(unstable)510.108.03-11025287
nvidia-graphics-drivers-tesla-418source(unstable)(unfixed)1025282
nvidia-graphics-drivers-tesla-450sourcebullseye450.216.04-1~deb11u1
nvidia-graphics-drivers-tesla-450source(unstable)450.216.04-11025283
nvidia-graphics-drivers-tesla-460source(unstable)460.106.00-31025284
nvidia-graphics-drivers-tesla-470sourcebullseye470.161.03-1~deb11u1
nvidia-graphics-drivers-tesla-470source(unstable)470.161.03-11025285
nvidia-graphics-drivers-tesla-510source(unstable)510.108.03-11025286
nvidia-open-gpu-kernel-modulessource(unstable)515.86.01-1

Notes

[buster] - nvidia-graphics-drivers <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
Search for package or bug name: Reporting problems