CVE-2022-42260

Name	CVE-2022-42260
Description	NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1025279, 1025282, 1025283, 1025284, 1025285, 1025286, 1025287

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
nvidia-graphics-drivers (PTS)	jessie/non-free	340.106-1	vulnerable
	stretch/non-free (security), stretch/non-free (lts), stretch/non-free	390.144-1~deb9u1	vulnerable
	buster/non-free	418.226.00-3	vulnerable
	bullseye/non-free	470.256.02-2	fixed
	bookworm/non-free-firmware	535.183.01-1~deb12u1	fixed
	sid/non-free-firmware, trixie/non-free-firmware	535.216.01-1	fixed
nvidia-graphics-drivers-tesla (PTS)	bookworm/non-free-firmware	525.147.05-7~deb12u1	fixed
	sid/non-free-firmware, trixie/non-free-firmware	525.147.05-12	fixed
nvidia-graphics-drivers-tesla-418 (PTS)	bullseye/non-free	418.226.00-6~deb11u2	vulnerable
	sid/non-free	418.226.00-16	vulnerable
nvidia-graphics-drivers-tesla-450 (PTS)	bullseye/non-free	450.248.02-7~deb11u1	fixed
	sid/non-free	450.248.02-8	fixed
nvidia-graphics-drivers-tesla-460 (PTS)	bullseye/non-free	460.106.00-17~deb11u1	fixed
	sid/non-free	460.106.00-18	fixed
nvidia-graphics-drivers-tesla-470 (PTS)	bullseye/non-free	470.256.02-1~deb11u2	fixed
	bookworm/non-free	470.256.02-1~deb12u1	fixed
	trixie/non-free, sid/non-free	470.256.02-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
nvidia-graphics-drivers	source	jessie	(unfixed)	end-of-life
nvidia-graphics-drivers	source	stretch	(unfixed)	end-of-life
nvidia-graphics-drivers	source	bullseye	470.161.03-1
nvidia-graphics-drivers	source	(unstable)	510.108.03-1		1025279
nvidia-graphics-drivers-tesla	source	(unstable)	510.108.03-1		1025287
nvidia-graphics-drivers-tesla-418	source	(unstable)	(unfixed)		1025282
nvidia-graphics-drivers-tesla-450	source	bullseye	450.216.04-1~deb11u1
nvidia-graphics-drivers-tesla-450	source	(unstable)	450.216.04-1		1025283
nvidia-graphics-drivers-tesla-460	source	(unstable)	460.106.00-3		1025284
nvidia-graphics-drivers-tesla-470	source	bullseye	470.161.03-1~deb11u1
nvidia-graphics-drivers-tesla-470	source	(unstable)	470.161.03-1		1025285
nvidia-graphics-drivers-tesla-510	source	(unstable)	510.108.03-1		1025286

Notes

[buster] - nvidia-graphics-drivers <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470