CVE-2021-1077

Name	CVE-2021-1077
Description	NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	987216, 987221, 987222

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
nvidia-graphics-drivers (PTS)	jessie/non-free	340.106-1	vulnerable
	stretch/non-free (security), stretch/non-free (lts), stretch/non-free	390.144-1~deb9u1	fixed
	buster/non-free	418.226.00-3	vulnerable
	bullseye/non-free	470.256.02-2	fixed
	bookworm/non-free-firmware	535.183.01-1~deb12u1	fixed
	sid/non-free-firmware, trixie/non-free-firmware	535.216.01-1	fixed
nvidia-graphics-drivers-tesla-450 (PTS)	bullseye/non-free	450.248.02-7~deb11u1	fixed
	sid/non-free	450.248.02-8	fixed
nvidia-graphics-drivers-tesla-460 (PTS)	bullseye/non-free	460.106.00-17~deb11u1	fixed
	sid/non-free	460.106.00-18	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
nvidia-graphics-drivers	source	jessie	(unfixed)	end-of-life
nvidia-graphics-drivers	source	stretch	(not affected)
nvidia-graphics-drivers	source	(unstable)	460.73.01-1		987216
nvidia-graphics-drivers-tesla-450	source	(unstable)	450.119.03-1		987221
nvidia-graphics-drivers-tesla-460	source	(unstable)	460.73.01-1		987222

[buster] - nvidia-graphics-drivers <ignored> (Non-free not supported)
[stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)