Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2022-31608

Published: 2 August 2022

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

From the Ubuntu Security Team

Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Notes

AuthorNote
sbeattie
the dbus endpoint configuration file is only installed as a
documentation file (/usr/share/doc/nvidia-driver-*/nvidia-dbus.conf)
in Ubuntu, so a user would have to manually put it in place to be
affected.
mdeslaur
some binary drivers are no longer support by NVidia, so they
are marked as ignored here

Priority

Low

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package Release Status
nvidia-graphics-drivers-304
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored

kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-304-updates
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(superseded)
kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-340
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Not vulnerable
(superseded)
lunar Not vulnerable
(superseded)
trusty Does not exist

upstream Needs triage

xenial Ignored

kinetic Not vulnerable
(superseded)
mantic Not vulnerable
(superseded)
nvidia-graphics-drivers-340-updates
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(superseded)
kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-352
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(superseded)
kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-352-updates
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(superseded)
kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-361
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(superseded)
kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-367
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(superseded)
kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-375
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(superseded)
kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-384
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Does not exist

jammy Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage

kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-390
Launchpad, Ubuntu, Debian
bionic
Released (390.154-0ubuntu0.18.04.1)
focal
Released (390.154-0ubuntu0.20.04.1)
jammy
Released (390.154-0ubuntu0.22.04.1)
lunar Not vulnerable
(390.154-0ubuntu1)
trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Not vulnerable
(390.154-0ubuntu1)
mantic Does not exist

nvidia-graphics-drivers-418-server
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Does not exist

mantic Does not exist

nvidia-graphics-drivers-430
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

lunar Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Ignored

mantic Ignored

nvidia-graphics-drivers-435
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

kinetic Ignored

lunar Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Ignored

nvidia-graphics-drivers-440
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

kinetic Ignored

lunar Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Ignored

nvidia-graphics-drivers-440-server
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

kinetic Ignored

lunar Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Does not exist

nvidia-graphics-drivers-450
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

kinetic Ignored

lunar Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Ignored

nvidia-graphics-drivers-450-server
Launchpad, Ubuntu, Debian
bionic
Released (450.203.03-0ubuntu0.18.04.1)
focal
Released (450.203.03-0ubuntu0.20.04.1)
jammy
Released (450.203.03-0ubuntu0.22.04.1)
lunar Not vulnerable
(450.203.03-0ubuntu1)
trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Not vulnerable
(450.203.03-0ubuntu1)
mantic Does not exist

nvidia-graphics-drivers-455
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

kinetic Ignored

lunar Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Ignored

nvidia-graphics-drivers-460
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Ignored

kinetic Ignored

lunar Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Ignored

nvidia-graphics-drivers-460-server
Launchpad, Ubuntu, Debian
bionic Ignored

focal Ignored

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Does not exist

nvidia-graphics-drivers-470
Launchpad, Ubuntu, Debian
bionic
Released (470.141.03-0ubuntu0.18.04.1)
focal
Released (470.141.03-0ubuntu0.20.04.1)
jammy
Released (470.141.03-0ubuntu0.22.04.1)
lunar Not vulnerable
(470.141.03-0ubuntu1)
trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Not vulnerable
(470.141.03-0ubuntu1)
mantic Not vulnerable
(470.141.03-0ubuntu1)
nvidia-graphics-drivers-470-server
Launchpad, Ubuntu, Debian
bionic
Released (470.141.03-0ubuntu0.18.04.1)
focal
Released (470.141.03-0ubuntu0.20.04.1)
jammy
Released (470.141.03-0ubuntu0.22.04.1)
kinetic
Released (470.141.03-0ubuntu1)
lunar
Released (470.141.03-0ubuntu1)
trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic
Released (470.141.03-0ubuntu1)
nvidia-graphics-drivers-495
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(superseded)
focal Not vulnerable
(superseded)
jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

mantic Does not exist

nvidia-graphics-drivers-510
Launchpad, Ubuntu, Debian
bionic
Released (510.85.02-0ubuntu0.18.04.1)
focal
Released (510.85.02-0ubuntu0.20.04.1)
jammy
Released (510.85.02-0ubuntu0.22.04.1)
lunar Not vulnerable
(510.85.02-0ubuntu2)
trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Not vulnerable
(510.85.02-0ubuntu2)
mantic Not vulnerable
(510.85.02-0ubuntu2)
nvidia-graphics-drivers-510-server
Launchpad, Ubuntu, Debian
bionic
Released (510.85.02-0ubuntu0.18.04.1)
focal
Released (510.85.02-0ubuntu0.20.04.1)
jammy
Released (510.85.02-0ubuntu0.22.04.1)
lunar Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Not vulnerable
(510.85.02-0ubuntu1)
mantic Does not exist

nvidia-graphics-drivers-515
Launchpad, Ubuntu, Debian
focal
Released (515.65.01-0ubuntu0.20.04.1)
jammy
Released (515.65.01-0ubuntu0.22.04.1)
lunar Not vulnerable
(515.65.01-0ubuntu2)
trusty Does not exist

upstream Needs triage

xenial Does not exist

bionic
Released (515.65.01-0ubuntu0.18.04.1)
kinetic Not vulnerable
(515.65.01-0ubuntu2)
mantic Not vulnerable
(515.65.01-0ubuntu2)
nvidia-graphics-drivers-515-server
Launchpad, Ubuntu, Debian
bionic
Released (515.65.01-0ubuntu0.18.04.1)
focal
Released (515.65.01-0ubuntu0.20.04.1)
jammy
Released (515.65.01-0ubuntu0.22.04.1)
lunar Not vulnerable
(515.65.01-0ubuntu1)
trusty Does not exist

upstream Needs triage

xenial Does not exist

kinetic Not vulnerable
(515.65.01-0ubuntu1)
mantic Not vulnerable
(515.65.01-0ubuntu1)

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H