CVE-2020-{5963|5967} NVIDIA

Bug #1882093 reported by Alberto Milone on 2020-06-04
This bug affects 1 person
Affects                                        Importance  Assigned to
nvidia-graphics-drivers-390 (Ubuntu)           High        Alberto Milone
  Bionic                                       High        Alberto Milone
  Eoan                                         Undecided   Unassigned
  Focal                                        High        Alberto Milone
nvidia-graphics-drivers-440 (Ubuntu)           High        Alberto Milone
  Bionic                                       High        Alberto Milone
  Eoan                                         Undecided   Unassigned
  Focal                                        High        Alberto Milone
nvidia-graphics-drivers-440-server (Ubuntu)    Undecided   Unassigned
  Bionic                                       High        Alberto Milone
  Focal                                        High        Alberto Milone

Bug Description

Security update for CVE-2020-5963 CVE-2020-5967

Changed in nvidia-graphics-drivers-390 (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
status: New → Triaged
Changed in nvidia-graphics-drivers-390 (Ubuntu Focal):
status: New → Triaged
Changed in nvidia-graphics-drivers-440 (Ubuntu Bionic):
status: New → Triaged
Changed in nvidia-graphics-drivers-440 (Ubuntu Focal):
status: New → Triaged
Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
importance: Undecided → High
Changed in nvidia-graphics-drivers-390 (Ubuntu Focal):
importance: Undecided → High
Changed in nvidia-graphics-drivers-440 (Ubuntu Bionic):
importance: Undecided → High
Changed in nvidia-graphics-drivers-440 (Ubuntu Focal):
importance: Undecided → High
Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-390 (Ubuntu Focal):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-440 (Ubuntu Bionic):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-440 (Ubuntu Focal):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-440 (Ubuntu Bionic):
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-440 (Ubuntu Focal):
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-390 (Ubuntu Focal):
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-390 (Ubuntu Eoan):
status: New → In Progress
Changed in nvidia-graphics-drivers-440 (Ubuntu Eoan):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-390 - 390.138-0ubuntu0.20.04.1

---------------
nvidia-graphics-drivers-390 (390.138-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream release (LP: #1882093):
    - CVE-2020-5963, CVE-2020-5967.
  * debian/templates/control.in:
    - make the DKMS dependency less strict.
    - Use versioned dependencies on nvidia-kernel-common and
      nvidia-dkms, to keep user space in sync with the kernel modules.
  * debian/rules:
    - expose DEBIAN_VERSION.

 -- Alberto Milone <email address hidden> Wed, 17 Jun 2020 11:28:13 +0200

Changed in nvidia-graphics-drivers-390 (Ubuntu Focal):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-390 - 390.138-0ubuntu0.19.10.1

---------------
nvidia-graphics-drivers-390 (390.138-0ubuntu0.19.10.1) eoan-security; urgency=medium

  * New upstream release (LP: #1882093):
    - CVE-2020-5963, CVE-2020-5967.
  * debian/templates/control.in:
    - make the DKMS dependency less strict.
    - Use versioned dependencies on nvidia-kernel-common and
      nvidia-dkms, to keep user space in sync with the kernel modules.
  * debian/templates/dkms_nvidia.conf.in:
    - Drop do-not-call-pci_save_state.patch.
  * debian/rules:
    - expose DEBIAN_VERSION.

 -- Alberto Milone <email address hidden> Wed, 17 Jun 2020 11:49:19 +0200

Changed in nvidia-graphics-drivers-390 (Ubuntu Eoan):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-390 - 390.138-0ubuntu0.18.04.1

---------------
nvidia-graphics-drivers-390 (390.138-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream release (LP: #1882093):
    - CVE-2020-5963, CVE-2020-5967.
  * debian/templates/control.in:
    - make the DKMS dependency less strict.
    - Use versioned dependencies on nvidia-kernel-common and
      nvidia-dkms, to keep user space in sync with the kernel modules.
  * debian/templates/dkms_nvidia.conf.in:
    - Drop do-not-call-pci_save_state.patch.
  * debian/rules:
    - expose DEBIAN_VERSION.

 -- Alberto Milone <email address hidden> Wed, 17 Jun 2020 11:34:40 +0200

Changed in nvidia-graphics-drivers-390 (Ubuntu Bionic):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-440 - 440.100-0ubuntu0.20.04.1

---------------
nvidia-graphics-drivers-440 (440.100-0ubuntu0.20.04.1) focal-security; urgency=medium

  * debian/templates/control.in,
    debian/rules:
    - Add dependency on nvidia-kernel-common.
    - Add Conflicts: libnvidia-extra.
    - Add missing build dependencies: libc6,libx11-6.
  * New upstream release (LP: #1882093):
    - CVE-2020-5963, CVE-2020-5967.

 -- Alberto Milone <email address hidden> Fri, 29 May 2020 12:14:43 +0200

Changed in nvidia-graphics-drivers-440 (Ubuntu Focal):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-440 - 440.100-0ubuntu0.19.10.1

---------------
nvidia-graphics-drivers-440 (440.100-0ubuntu0.19.10.1) eoan-security; urgency=medium

  * debian/templates/control.in,
    debian/rules:
    - Add dependency on nvidia-kernel-common.
    - Add libnvidia-extra.
    - Add missing build dependencies: libc6,libx11-6.
  * New upstream release (LP: #1882093):
    - CVE-2020-5963, CVE-2020-5967.

 -- Alberto Milone <email address hidden> Wed, 17 Jun 2020 12:04:50 +0200

Changed in nvidia-graphics-drivers-440 (Ubuntu Eoan):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-440 - 440.100-0ubuntu0.18.04.1

---------------
nvidia-graphics-drivers-440 (440.100-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream release (LP: #1882093):
    - CVE-2020-5963, CVE-2020-5967.
  * debian/templates/nvidia-compute-utils-flavour.postinst.in:
    - Remove the --shell argument.
  * debian/templates/libnvidia-common-flavour.install.in:
    - Add the new libnvidia-allocator library.
  * debian/templates/dkms_nvidia.conf.in,
    debian/dkms_nvidia/patches/disable_fstack-clash-protection_fcf-protection.patch:
    - Update patch.
  * debian/templates/dkms_nvidia.conf.in:
  * Fix the installation path of nvidia_layers.json.
  * debian/rules:
    - Add more $arch_only and $arch_excluded.
    - Fix arch eq condition.
    - Merge the fragment file if uvm is not disabled.
    - Expose the debian version.
    - Build uvm unless the arch does not support it.
  * debian/templates:
    - Tidy up the html docs, and sort the lines in the files.
    - Even out spacing in files.
  * Add device-create, and use it in the udev rule, to replace
    nvidia-smi.
  * debian/templates/control.in:
    - Add build-dep on libkmod-dev, libpciaccess-dev, pkg-config.
    - Add Conflicts, Breaks and Replaces for libnvidia-extra.
    - Add nvidia-kernel-common dependency

 -- Alberto Milone <email address hidden> Fri, 29 May 2020 12:36:41 +0200

Changed in nvidia-graphics-drivers-440 (Ubuntu Bionic):
status: In Progress → Fix Released
Steve Beattie (sbeattie) on 2020-07-02
information type: Private Security → Public Security

Hello Alberto, or anyone else affected,

Accepted nvidia-graphics-drivers-440-server into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-440-server/440.95.01-0ubuntu0.18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-bionic
Changed in nvidia-graphics-drivers-390 (Ubuntu):
status: Triaged → Fix Released
Changed in nvidia-graphics-drivers-440 (Ubuntu):
status: Triaged → Fix Released
Vic Liu (zongminl) wrote :

Tested 440.95-server on both bionic and focal, please find results and related log here:
https://docs.google.com/spreadsheets/d/1LTKLunx9yAMaP1nfvZXIhqs3pSNuhyupJfqA_DrS6eY/edit#gid=1557613599

Alberto Milone (albertomilone) wrote :

The results look good to me. The only case that looks like a failure
doesn't really have the nvidia modules loaded, so it's ok.

Changed in nvidia-graphics-drivers-440-server (Ubuntu Bionic):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → Fix Committed
Changed in nvidia-graphics-drivers-440-server (Ubuntu Focal):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → Fix Committed
no longer affects: nvidia-graphics-drivers-440-server (Ubuntu Eoan)
tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-440-server - 440.95.01-0ubuntu0.18.04.1

---------------
nvidia-graphics-drivers-440-server (440.95.01-0ubuntu0.18.04.1) bionic; urgency=medium

  * Initial release (LP: #1882093):
    - CVE-2020-5963, CVE-2020-5967.

 -- Alberto Milone <email address hidden> Wed, 17 Jun 2020 13:09:22 +0200

Changed in nvidia-graphics-drivers-440-server (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for nvidia-graphics-drivers-440-server has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
