CVE-2024-0074

Name	CVE-2024-0074
Description	NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1064983, 1064984, 1064985, 1064986, 1064987, 1064988, 1064989, 1064990, 1064991

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
nvidia-graphics-drivers (PTS)	jessie/non-free	340.106-1	vulnerable
	stretch/non-free (security), stretch/non-free (lts), stretch/non-free	390.144-1~deb9u1	vulnerable
	buster/non-free	418.226.00-3	vulnerable
	bullseye/non-free	470.223.02-1	vulnerable
	bookworm/non-free-firmware	525.147.05-4~deb12u1	vulnerable
	trixie/non-free-firmware	525.147.05-10	vulnerable
	sid/non-free-firmware	535.161.08-1	vulnerable
nvidia-graphics-drivers-legacy-340xx (PTS)	stretch/non-free	340.108-3~deb9u1	vulnerable
	buster/non-free	340.108-3~deb10u1	vulnerable
	sid/non-free	340.108-21	vulnerable
nvidia-graphics-drivers-legacy-390xx (PTS)	buster/non-free	390.154-1~deb10u1	vulnerable
	buster/non-free (security)	390.157-1~deb10u1	vulnerable
	bullseye/non-free	390.157-1~deb11u1	vulnerable
	sid/non-free	390.157-6	vulnerable
nvidia-graphics-drivers-tesla (PTS)	bookworm/non-free-firmware	525.147.05-4~deb12u1	vulnerable
	trixie/non-free-firmware	525.147.05-7	vulnerable
	sid/non-free-firmware	525.147.05-10	vulnerable
nvidia-graphics-drivers-tesla-418 (PTS)	bullseye/non-free	418.226.00-6~deb11u1	vulnerable
	sid/non-free	418.226.00-13	vulnerable
nvidia-graphics-drivers-tesla-450 (PTS)	bullseye/non-free	450.248.02-1~deb11u1	vulnerable
	sid/non-free	450.248.02-4	fixed
nvidia-graphics-drivers-tesla-460 (PTS)	bullseye/non-free	460.106.00-6~deb11u1	fixed
	sid/non-free	460.106.00-14	fixed
nvidia-graphics-drivers-tesla-470 (PTS)	bullseye/non-free	470.223.02-2~deb11u1	vulnerable
	bookworm/non-free	470.223.02-2~deb12u1	vulnerable
	trixie/non-free, sid/non-free	470.239.06-1	fixed
nvidia-open-gpu-kernel-modules (PTS)	bookworm/contrib	525.147.05-1~deb12u1	vulnerable
	trixie/contrib	525.147.05-3	vulnerable
	sid/contrib	535.161.08-1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
nvidia-graphics-drivers	source	experimental	535.161.07-1
nvidia-graphics-drivers	source	jessie	(unfixed)	end-of-life
nvidia-graphics-drivers	source	stretch	(unfixed)	end-of-life
nvidia-graphics-drivers	source	(unstable)	(unfixed)		1064983
nvidia-graphics-drivers-legacy-340xx	source	stretch	(unfixed)	end-of-life
nvidia-graphics-drivers-legacy-340xx	source	(unstable)	(unfixed)		1064984
nvidia-graphics-drivers-legacy-390xx	source	(unstable)	(unfixed)		1064985
nvidia-graphics-drivers-tesla	source	(unstable)	(unfixed)		1064990
nvidia-graphics-drivers-tesla-418	source	(unstable)	(unfixed)		1064986
nvidia-graphics-drivers-tesla-450	source	(unstable)	450.248.02-4		1064987
nvidia-graphics-drivers-tesla-460	source	(unstable)	460.106.00-3		1064988
nvidia-graphics-drivers-tesla-470	source	(unstable)	470.239.06-1		1064989
nvidia-open-gpu-kernel-modules	source	(unstable)	(unfixed)		1064991

Notes

[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
450.248.02-4 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
[bookworm] - nvidia-graphics-drivers-tesla <no-dsa> (Non-free not supported)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
https://nvidia.custhelp.com/app/answers/detail/a_id/5520