CVE-2022-34677

NameCVE-2022-34677
DescriptionNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3418-1
Debian Bugs1025279, 1025280, 1025281, 1025282, 1025283, 1025284, 1025285, 1025286, 1025287

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nvidia-graphics-drivers (PTS)bullseye/non-free470.256.02-2fixed
bookworm/non-free-firmware535.183.01-1~deb12u1fixed
sid/non-free-firmware, trixie/non-free-firmware535.216.03-1fixed
nvidia-graphics-drivers-legacy-340xx (PTS)sid/non-free340.108-23vulnerable
nvidia-graphics-drivers-legacy-390xx (PTS)bullseye/non-free390.157-1~deb11u1fixed
sid/non-free390.157-9fixed
nvidia-graphics-drivers-tesla (PTS)bookworm/non-free-firmware525.147.05-7~deb12u1fixed
sid/non-free-firmware, trixie/non-free-firmware525.147.05-12fixed
nvidia-graphics-drivers-tesla-418 (PTS)bullseye/non-free418.226.00-6~deb11u2vulnerable
sid/non-free418.226.00-16vulnerable
nvidia-graphics-drivers-tesla-450 (PTS)bullseye/non-free450.248.02-7~deb11u1fixed
sid/non-free450.248.02-8fixed
nvidia-graphics-drivers-tesla-460 (PTS)bullseye/non-free460.106.00-17~deb11u1fixed
sid/non-free460.106.00-18fixed
nvidia-graphics-drivers-tesla-470 (PTS)bullseye/non-free470.256.02-1~deb11u2fixed
bookworm/non-free470.256.02-1~deb12u1fixed
trixie/non-free, sid/non-free470.256.02-4fixed
nvidia-open-gpu-kernel-modules (PTS)bookworm/contrib535.183.01-1~deb12u1fixed
sid/contrib, trixie/contrib535.216.03-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nvidia-graphics-driverssourcebullseye470.161.03-1
nvidia-graphics-driverssource(unstable)510.108.03-11025279
nvidia-graphics-drivers-legacy-340xxsource(unstable)(unfixed)1025280
nvidia-graphics-drivers-legacy-390xxsourcebuster390.157-1~deb10u1DLA-3418-1
nvidia-graphics-drivers-legacy-390xxsourcebullseye390.157-1~deb11u1
nvidia-graphics-drivers-legacy-390xxsource(unstable)390.157-11025281
nvidia-graphics-drivers-teslasource(unstable)510.108.03-11025287
nvidia-graphics-drivers-tesla-418source(unstable)(unfixed)1025282
nvidia-graphics-drivers-tesla-450sourcebullseye450.216.04-1~deb11u1
nvidia-graphics-drivers-tesla-450source(unstable)450.216.04-11025283
nvidia-graphics-drivers-tesla-460source(unstable)460.106.00-31025284
nvidia-graphics-drivers-tesla-470sourcebullseye470.161.03-1~deb11u1
nvidia-graphics-drivers-tesla-470source(unstable)470.161.03-11025285
nvidia-graphics-drivers-tesla-510source(unstable)510.108.03-11025286
nvidia-open-gpu-kernel-modulessource(unstable)515.86.01-1

Notes

[buster] - nvidia-graphics-drivers <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470

Search for package or bug name: Reporting problems