CVE-2015-7869

Bug #1512414 reported by Alberto Milone
Affects                                 Status         Importance   Assigned to         Milestone
nvidia-graphics-drivers-304 (Ubuntu)    Fix Released   High         Alberto Milone
  Precise                               Fix Released   Undecided    Unassigned
  Trusty                                Fix Released   Undecided    Unassigned
  Vivid                                 Fix Released   Undecided    Unassigned
  Wily                                  Fix Released   Undecided    Unassigned
nvidia-graphics-drivers-340 (Ubuntu)    Fix Released   High         Alberto Milone
  Precise                               Fix Released   Undecided    Unassigned
  Trusty                                Fix Released   Undecided    Unassigned
  Vivid                                 Fix Released   Undecided    Unassigned
  Wily                                  Fix Released   Undecided    Unassigned
nvidia-graphics-drivers-352 (Ubuntu)    Fix Released   High         Alberto Milone
  Trusty                                Fix Released   High         Marc Deslauriers
  Vivid                                 Fix Released   Undecided    Unassigned
  Wily                                  Fix Released   Undecided    Unassigned

Bug Description

The issue is tracked as CVE-2015-7869, “Unsanitized User Mode Input”. Note that the security issue is not yet public and Nvidia plans to have public disclosure on 11/18/2015. This affects nvidia-304 and later branches.

The official releases from NVIDIA will be available on 11/16/15. I am going to take care of the packaging.

Changed in nvidia-graphics-drivers-304 (Ubuntu):
status: New → Triaged
Changed in nvidia-graphics-drivers-340 (Ubuntu):
status: New → Triaged
no longer affects: nvidia-graphics-drivers-304 (Ubuntu Xenial)
no longer affects: nvidia-graphics-drivers-340 (Ubuntu Xenial)
no longer affects: nvidia-graphics-drivers-352 (Ubuntu Xenial)
Changed in nvidia-graphics-drivers-304 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: Triaged → In Progress
no longer affects: nvidia-graphics-drivers-352 (Ubuntu Precise)
Changed in nvidia-graphics-drivers-340 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-352 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-352 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → High
status: New → Triaged
Alberto Milone (albertomilone) wrote :

The updated drivers are available in xenial-proposed. I made the rest of the packages available on chinstrap on 13/11.

Changed in nvidia-graphics-drivers-304 (Ubuntu):
status: In Progress → Fix Committed
Changed in nvidia-graphics-drivers-340 (Ubuntu):
status: In Progress → Fix Committed
Changed in nvidia-graphics-drivers-352 (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.131-0ubuntu0.12.04.1

---------------
nvidia-graphics-drivers-304 (304.131-0ubuntu0.12.04.1) precise-security; urgency=medium

  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Fri, 13 Nov 2015 12:04:33 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.131-0ubuntu0.15.10.1

---------------
nvidia-graphics-drivers-304 (304.131-0ubuntu0.15.10.1) wily-security; urgency=medium

  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Thu, 12 Nov 2015 15:12:05 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Wily):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.131-0ubuntu0.15.04.1

---------------
nvidia-graphics-drivers-304 (304.131-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Thu, 12 Nov 2015 16:30:14 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Vivid):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.96-0ubuntu0.15.04.1

---------------
nvidia-graphics-drivers-340 (340.96-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * debian/templates/dkms_nvidia.conf.in:
    - Drop buildfix_kernel_3.18.patch.
  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Thu, 12 Nov 2015 16:17:39 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Vivid):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-352 - 352.63-0ubuntu0.14.04.1

---------------
nvidia-graphics-drivers-352 (352.63-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Initial release.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).

 -- Alberto Milone <email address hidden> Fri, 13 Nov 2015 10:05:20 +0100

Changed in nvidia-graphics-drivers-352 (Ubuntu Trusty):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-352 - 352.63-0ubuntu0.15.04.1

---------------
nvidia-graphics-drivers-352 (352.63-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * Initial release.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).

 -- Alberto Milone <email address hidden> Thu, 12 Nov 2015 15:41:53 +0100

Changed in nvidia-graphics-drivers-352 (Ubuntu Vivid):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.131-0ubuntu0.14.04.1

---------------
nvidia-graphics-drivers-304 (304.131-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Fri, 13 Nov 2015 11:57:23 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Trusty):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.96-0ubuntu0.12.04.1

---------------
nvidia-graphics-drivers-340 (340.96-0ubuntu0.12.04.1) precise-security; urgency=medium

  * debian/templates/dkms_nvidia.conf.in:
    - Drop buildfix_kernel_3.18.patch.
  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Fri, 13 Nov 2015 12:25:38 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.96-0ubuntu0.15.10.1

---------------
nvidia-graphics-drivers-340 (340.96-0ubuntu0.15.10.1) wily-security; urgency=medium

  * debian/templates/dkms_nvidia.conf.in:
    - Drop all the patches.
  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Thu, 12 Nov 2015 12:38:27 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Wily):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-352 - 352.63-0ubuntu0.15.10.1

---------------
nvidia-graphics-drivers-352 (352.63-0ubuntu0.15.10.1) wily-security; urgency=medium

  * debian/templates/dkms_nvidia.conf.in:
    - Drop buildfix_kernel_4.3.patch. The upstream code already
      includes this fix.
  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Added support for the following GPUs:
      GeForce 945M
      Quadro M5000M
      Quadro M4000M
      Quadro M3000M
      Quadro M2000M
      Quadro M1000M
      Quadro M600M
      NVS 810
    - Fixed a regression that prevented DPMS from working
      correctly on some DisplayPort displays.
    - Fixed a bug that could prevent X from starting when
      configured with multiple X screens, some of which
      scan out to display devices, and some of which do not.
    - Fixed a bug that could cause texture corruption in
      some OpenGL applications when video memory is exhausted
      by a combination of simultaneously running graphical
      and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Thu, 12 Nov 2015 12:17:30 +0100

Changed in nvidia-graphics-drivers-352 (Ubuntu Wily):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.96-0ubuntu0.14.04.1

---------------
nvidia-graphics-drivers-340 (340.96-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * debian/templates/dkms_nvidia.conf.in:
    - Drop all the patches.
  * debian/substvars:
    - Add support for X ABI 20.
  * SECURITY UPDATE:
    - CVE-2015-7869 (LP: #1512414).
  * New upstream release:
    - Fixed a bug that could cause texture corruption in some OpenGL
      applications when video memory is exhausted by a combination
      of simultaneously running graphical and compute workloads.
    - Added support for X.Org xserver ABI 20 (xorg-server 1.18).

 -- Alberto Milone <email address hidden> Fri, 13 Nov 2015 11:15:52 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Trusty):
status: New → Fix Released
information type: Private Security → Public Security
Changed in nvidia-graphics-drivers-304 (Ubuntu):
status: Fix Committed → Fix Released
Changed in nvidia-graphics-drivers-340 (Ubuntu):
status: Fix Committed → Fix Released
Changed in nvidia-graphics-drivers-352 (Ubuntu):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
