CVE-2018-6260

Bug #1814548 reported by Alberto Milone on 2019-02-04
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nvidia-graphics-drivers-390 (Ubuntu)
High
Alberto Milone
Bionic
High
Alberto Milone
Cosmic
High
Alberto Milone

Bug Description

The 390 series (in Bionic and in Cosmic) and the 410 series (only in Disco) are affected by CVE-2018-6260.

CVE References

Changed in nvidia-graphics-drivers-390 (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
status: New → In Progress
Changed in nvidia-graphics-drivers-390 (Ubuntu Cosmic):
status: New → In Progress
Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
importance: Undecided → High
Changed in nvidia-graphics-drivers-390 (Ubuntu Cosmic):
importance: Undecided → High
Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-390 (Ubuntu Cosmic):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-390 (Ubuntu):
status: Triaged → Fix Released
Alberto Milone (albertomilone) wrote :

I have built the packages (for i386, amd64, and armhf) in the following PPA:
https://launchpad.net/~oem-solutions-group/+archive/ubuntu/nvidia-driver-staging

Somebody should copy the following into the (Bionic and Cosmic) security pocket:

nvidia-graphics-drivers-390_390.116-0ubuntu0.18.10.1
nvidia-graphics-drivers-390_390.116-0ubuntu0.18.04.1

Alberto Milone (albertomilone) wrote :

Note: I am not attaching the debdiffs (which you can find in the PPA), since they are over 200Mb, because of the upstream binaries.

description: updated
Alberto Milone (albertomilone) wrote :

Note 2: I have had the drivers for a while now, and I haven't experienced any issues with them on my machines.

Alberto Milone (albertomilone) wrote :

In order to make the diffs easier to review, I made the actual diffs starting from my commits on github:

https://github.com/tseliot/nvidia-graphics-drivers/tree/390-bionic

https://github.com/tseliot/nvidia-graphics-drivers/tree/390-cosmic

Alberto Milone (albertomilone) wrote :
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-390 - 390.116-0ubuntu0.18.04.1

---------------
nvidia-graphics-drivers-390 (390.116-0ubuntu0.18.04.1) bionic; urgency=medium

  * SECURITY UPDATE:
    - CVE‑2018‑6260 (LP: #1814548).
  * New upstream release:
    - Fixed build failures which resulted in errors like "implicit
      declaration of function drm_...", when building the NVIDIA
      DRM kernel module for Linux kernel 5.0 release candidates.
    - Fixed a bug which could cause VK_KHR_external_semaphore_fd
      operations to fail.
    - Fixed a build failure, "implicit declaration of function
      'vm_insert_pfn'", when building the NVIDIA DRM kernel module
      for Linux kernel 4.20 release candidates.
    - Fixed a build failure, "unknown type name 'ipmi_user_t'",
      when building the NVIDIA kernel module for Linux kernel 4.20
      release candidates.
    - Fixed a bug that caused mode switches to fail when an SDI
      output board was connected.
    - Fixed a bug that could cause rendering corruption in Vulkan
      programs.
    - Fixed a bug that caused
      vkGetPhysicalDeviceDisplayPropertiesKHR() to occasionally
      return incorrect values for physicalResolution.
    - Added the synchronization state for PRIME Displays to nvidia-
      settings.
    - Fixed a bug that could prevent nvidia-xconfig from disabling
      the X Composite extension on version 1.20 of the X.org X
      server.
    - Fixed a build failure, "too many arguments to function
      'get_user_pages'", when building the NVIDIA kernel module for
      Linux kernel v4.4.168.
    - Fixed a build failure, "implicit declaration of function
      do_gettimeofday", when building the NVIDIA kernel module for
      Linux kernel 5.0 release candidates.
    - Added a new kernel module parameter,
      NVreg_RestrictProfilingToAdminUsers, to allow restricting the
      use of GPU performance counters to system administrators
      only.

 -- Alberto Milone <email address hidden> Mon, 25 Feb 2019 12:10:20 +0100

Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-390 - 390.116-0ubuntu0.18.10.1

---------------
nvidia-graphics-drivers-390 (390.116-0ubuntu0.18.10.1) cosmic; urgency=medium

  * SECURITY UPDATE:
    - CVE‑2018‑6260 (LP: #1814548).
  * New upstream release:
    - Fixed build failures which resulted in errors like "implicit
      declaration of function drm_...", when building the NVIDIA
      DRM kernel module for Linux kernel 5.0 release candidates.
    - Fixed a bug which could cause VK_KHR_external_semaphore_fd
      operations to fail.
    - Fixed a build failure, "implicit declaration of function
      'vm_insert_pfn'", when building the NVIDIA DRM kernel module
      for Linux kernel 4.20 release candidates.
    - Fixed a build failure, "unknown type name 'ipmi_user_t'",
      when building the NVIDIA kernel module for Linux kernel 4.20
      release candidates.
    - Fixed a bug that caused mode switches to fail when an SDI
      output board was connected.
    - Fixed a bug that could cause rendering corruption in Vulkan
      programs.
    - Fixed a bug that caused
      vkGetPhysicalDeviceDisplayPropertiesKHR() to occasionally
      return incorrect values for physicalResolution.
    - Added the synchronization state for PRIME Displays to nvidia-
      settings.
    - Fixed a bug that could prevent nvidia-xconfig from disabling
      the X Composite extension on version 1.20 of the X.org X
      server.
    - Fixed a build failure, "too many arguments to function
      'get_user_pages'", when building the NVIDIA kernel module for
      Linux kernel v4.4.168.
    - Fixed a build failure, "implicit declaration of function
      do_gettimeofday", when building the NVIDIA kernel module for
      Linux kernel 5.0 release candidates.
    - Added a new kernel module parameter,
      NVreg_RestrictProfilingToAdminUsers, to allow restricting the
      use of GPU performance counters to system administrators
      only.

 -- Alberto Milone <email address hidden> Mon, 25 Feb 2019 12:16:58 +0100

Changed in nvidia-graphics-drivers-390 (Ubuntu Cosmic):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers