Bug 57925 - nvidia-graphics-drivers: Multiple issues (5.2)
Summary: nvidia-graphics-drivers: Multiple issues (5.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.2
Hardware: All Linux
: P3 normal
Target Milestone: UCS 5.2-0-errata
Assignee: Quality Assurance
QA Contact: Dirk Wiesenthal
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-30 16:50 CET by Quality Assurance
Modified: 2025-02-05 15:53 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2025-01-30 16:50:52 CET 
New Debian nvidia-graphics-drivers 535.216.01-1~deb12u1 fixes:
This update addresses the following issue:
* nvidia-display-driver: privilege escalation vulnerability (CVE-2024-0126)
Comment 1 Quality Assurance univentionstaff 2025-01-30 17:00:09 CET 
--- mirror/ftp/pool/main/n/nvidia-graphics-drivers/nvidia-graphics-drivers_535.183.01-1~deb12u1.dsc
+++ apt/ucs_5.2-0-errata5.2-0/source/nvidia-graphics-drivers_535.216.01-1~deb12u1.dsc
@@ -1,3 +1,43 @@
+535.216.01-1~deb12u1 [Tue, 19 Nov 2024 22:39:43 +0100] Andreas Beckmann <anbe@debian.org>:
+
+  * Rebuild for bookworm.
+
+535.216.01-1 [Thu, 07 Nov 2024 18:03:36 +0100] Andreas Beckmann <anbe@debian.org>:
+
+  * New upstream LTS and Tesla branch release 535.216.01 (2024-10-22).
+    * Fixed CVE-2024-0126.  (Closes: #1085968)
+      https://nvidia.custhelp.com/app/answers/detail/a_id/5586
+    * Improved compatibility with recent Linux kernels.
+
+  [ Andreas Beckmann ]
+  * Refresh patches.
+  * nvidia-detect: Add support for Tesla 535 drivers.
+  * nvidia-detect: Restrict support to driver series in trixie.
+  * Clean up packaging cruft in preparation for forking Tesla 535 drivers.
+
+535.183.06-2 [Fri, 25 Oct 2024 09:42:15 +0200] Andreas Beckmann <anbe@debian.org>:
+
+  * Simplify using nv_pfn_valid() in virt_addr_valid() on ppc64el.
+  * Backport nv_get_kern_phys_address() changes from 555.42.02 to fix kernel
+    module build with gcc-14 on arm*.  (Closes: #1084844)
+  * Regenerate debian/control with libdpkg-perl/bookworm.
+
+535.183.06-1 [Mon, 12 Aug 2024 07:51:39 +0200] Andreas Beckmann <anbe@debian.org>:
+
+  * New upstream Tesla branch release 535.183.06 (2024-07-09).
+
+  [ Andreas Beckmann ]
+  * Use dh_movetousr (if available) to relocate the firmware to /usr where
+    needed.  (Closes: #1073744)
+  * Log an error message if nvidia-peermem refuses to load because it was
+    built without IB peer memory symbols present.  (Closes: #1074350)
+  * Backport follow_pfn changes from 550.90.07 to fix kernel module build for
+    Linux 6.10.  (Closes: #1077841, #1078425, #1078462, #1078489, #1078424)
+  * Use pfn_valid() variant with rcu_read_{,un}lock_sched() from Linux 6.8-rc3
+    in virt_addr_valid() for Linux 5.10.210 - 5.10.999 to avoid using GPL
+    symbols on ppc64el.
+  * bug-script: Report 'apt-cache policy'.
+
 535.183.01-1~deb12u1 [Wed, 19 Jun 2024 21:22:21 +0200] Andreas Beckmann <anbe@debian.org>:
 
   * Rebuild for bookworm.

<http://piuparts.knut.univention.de/5.2-0/#1296371147607496945>
Comment 2 Iván.Delgado univentionstaff 2025-02-03 12:53:58 CET 
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.2-0] 22b3fab971 Bug #57925: nvidia-graphics-drivers 535.216.01-1~deb12u1
 doc/errata/staging/nvidia-graphics-drivers.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
Comment 3 Iván.Delgado univentionstaff 2025-02-05 15:53:58 CET 
<https://errata.software-univention.de/#/?erratum=5.2x12>