CVE-2022-42261

NameCVE-2022-42261
DescriptionNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1025279, 1025282, 1025283, 1025284, 1025285, 1025286, 1025287

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nvidia-graphics-drivers (PTS)bullseye/non-free470.256.02-2fixed
bookworm/non-free-firmware535.183.01-1~deb12u1fixed
trixie/non-free-firmware, sid/non-free-firmware535.183.06-1fixed
nvidia-graphics-drivers-tesla (PTS)bookworm/non-free-firmware525.147.05-7~deb12u1fixed
trixie/non-free-firmware, sid/non-free-firmware525.147.05-11fixed
nvidia-graphics-drivers-tesla-418 (PTS)bullseye/non-free418.226.00-6~deb11u2vulnerable
sid/non-free418.226.00-16vulnerable
nvidia-graphics-drivers-tesla-450 (PTS)bullseye/non-free450.248.02-7~deb11u1fixed
sid/non-free450.248.02-7fixed
nvidia-graphics-drivers-tesla-460 (PTS)bullseye/non-free460.106.00-17~deb11u1fixed
sid/non-free460.106.00-17fixed
nvidia-graphics-drivers-tesla-470 (PTS)bullseye/non-free470.256.02-1~deb11u2fixed
bookworm/non-free470.256.02-1~deb12u1fixed
trixie/non-free, sid/non-free470.256.02-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nvidia-graphics-driverssourcebullseye470.161.03-1
nvidia-graphics-driverssource(unstable)510.108.03-11025279
nvidia-graphics-drivers-teslasource(unstable)510.108.03-11025287
nvidia-graphics-drivers-tesla-418source(unstable)(unfixed)1025282
nvidia-graphics-drivers-tesla-450sourcebullseye450.216.04-1~deb11u1
nvidia-graphics-drivers-tesla-450source(unstable)450.216.04-11025283
nvidia-graphics-drivers-tesla-460source(unstable)460.106.00-31025284
nvidia-graphics-drivers-tesla-470sourcebullseye470.161.03-1~deb11u1
nvidia-graphics-drivers-tesla-470source(unstable)470.161.03-11025285
nvidia-graphics-drivers-tesla-510source(unstable)510.108.03-11025286

Notes

[buster] - nvidia-graphics-drivers <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470

Search for package or bug name: Reporting problems