Detections
Analytics

Debian dla-3418 : libegl-nvidia-legacy-390xx0 - security update

high Nessus Plugin ID 175576

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3418 advisory.

 ------------------------------------------------------------------------- Debian LTS Advisory DLA-3418-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 11, 2023 https://wiki.debian.org/LTS
 -------------------------------------------------------------------------

 Package : nvidia-graphics-drivers-legacy-390xx Version : 390.157-1~deb10u1 CVE ID : CVE-2022-34670 CVE-2022-34674 CVE-2022-34675 CVE-2022-34677 CVE-2022-34680 CVE-2022-42257 CVE-2022-42258 CVE-2022-42259 Debian Bug : 1025281

 NVIDIA has released a software security update for the NVIDIA GPU Display Driver R390 linux driver branch. This update addresses issues that may lead to denial of service, escalation of privileges, information disclosure, data tampering or undefined behavior.


 CVE-2022-34670

 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.

 CVE-2022-34674

 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.

 CVE-2022-34675

 NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service.

 CVE-2022-34677

 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.

 CVE-2022-34680

 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.

 CVE-2022-42257

 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.

 CVE-2022-42258

 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.

 CVE-2022-42259

 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.

 For Debian 10 buster, these problems have been fixed in version 390.157-1~deb10u1.

 We recommend that you upgrade your nvidia-graphics-drivers-legacy-390xx packages.

 For the detailed security status of nvidia-graphics-drivers-legacy-390xx please refer to its security tracker page at:
 https://security-tracker.debian.org/tracker/nvidia-graphics-drivers-legacy-390xx

 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Attachment:
 signature.asc Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the libegl-nvidia-legacy-390xx0 packages.

See Also

http://www.nessus.org/u?861b6afb

https://security-tracker.debian.org/tracker/CVE-2022-34670

https://security-tracker.debian.org/tracker/CVE-2022-34674

https://security-tracker.debian.org/tracker/CVE-2022-34675

https://security-tracker.debian.org/tracker/CVE-2022-34677

https://security-tracker.debian.org/tracker/CVE-2022-34680

https://security-tracker.debian.org/tracker/CVE-2022-42257

https://security-tracker.debian.org/tracker/CVE-2022-42258

https://security-tracker.debian.org/tracker/CVE-2022-42259

http://www.nessus.org/u?b085f5e4

Plugin Details

Severity: High

ID: 175576

File Name: debian_DLA-3418.nasl

Version: 1.1

Type: local

Agent: unix

Published: 5/14/2023

Updated: 1/22/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-34670

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-driver-bin, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-vdpau-driver, p-cpe:/a:debian:debian_linux:libgles-nvidia-legacy-390xx1, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-cfg1, p-cpe:/a:debian:debian_linux:libgl1-nvidia-legacy-390xx-glx, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-driver-libs-nonglvnd-i386, p-cpe:/a:debian:debian_linux:libegl-nvidia-legacy-390xx0, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-glcore, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-driver, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-kernel-support, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-driver-libs, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-compiler, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-fbc1, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-kernel-source, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-alternative, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-kernel-dkms, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-ptxjitcompiler1, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-egl-icd, p-cpe:/a:debian:debian_linux:libgles-nvidia-legacy-390xx2, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-driver-libs-nonglvnd, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-smi, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-cuda1-i386, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-vulkan-icd, p-cpe:/a:debian:debian_linux:libglx-nvidia-legacy-390xx0, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-nvcuvid1, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-ml1, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-fatbinaryloader, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-opencl-icd, p-cpe:/a:debian:debian_linux:libgl1-nvidia-legacy-390xx-glvnd-glx, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-ifr1, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-encode1, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-eglcore, p-cpe:/a:debian:debian_linux:libegl1-nvidia-legacy-390xx, p-cpe:/a:debian:debian_linux:xserver-xorg-video-nvidia-legacy-390xx, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-driver-libs-i386, p-cpe:/a:debian:debian_linux:nvidia-legacy-390xx-nonglvnd-vulkan-icd, p-cpe:/a:debian:debian_linux:libnvidia-legacy-390xx-cuda1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 5/11/2023

Vulnerability Publication Date: 11/28/2022

Reference Information

CVE: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259