Bug 1180696 - (CVE-2021-1056) VUL-0: CVE-2021-1056: nvidia kmps: kernel mode layer does not completely honor OS file system permissions
(CVE-2021-1056)
VUL-0: CVE-2021-1056: nvidia kmps: kernel mode layer does not completely hono...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Michal Jura
Security Team bot
https://smash.suse.de/issue/274918/
CVSSv3.1:SUSE:CVE-2021-1056:5.3:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-01-08 10:29 UTC by Alexander Bergmann
Modified: 2022-09-30 14:59 UTC (History)
10 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2021-01-08 10:29:10 UTC
CVE-2021-1056

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in
the kernel mode layer (nvidia.ko) in which it does not completely honor
operating system file system permissions to provide GPU device-level isolation,
which may lead to denial of service or information disclosure.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1056
https://nvidia.custhelp.com/app/answers/detail/a_id/5142
Comment 1 Klaus Kämpf 2021-01-08 11:11:05 UTC
Marek, I'd guess a simple rebuild with a new nvidia driver is sufficient here. Can you work with David Cassany on getting this released ?
Comment 2 Alexander Bergmann 2021-01-11 10:15:22 UTC
@Klaus, I'm a bit unsure how this NVIDIA driver container construct is actually working. At which point are we actually distributing nvidia.ko?

The same question goes to: bsc#1180694, bsc#1180695
Comment 3 Marcus Meissner 2021-01-11 10:30:44 UTC
hmm, is this really libnvidia-container or the nvidia*-kmp-* maintained by sndirsch?
Comment 4 Stefan Dirsch 2021-01-11 10:51:38 UTC
I already updated SUSE RPMs to 390.141 (G04)  and 460.32.03 (G05). These are avaiable via NVIDIA's repos since last friday. I believe all 3 bugs can be closed therefore.
Comment 5 Klaus Kämpf 2021-01-11 11:41:46 UTC
Marek should know the implementation details, I don't.
Comment 6 Jan Kara 2022-05-10 12:06:00 UTC
Guys, this seems forgotten and AFAICT the bug can be closed?
Comment 7 Takashi Iwai 2022-05-27 13:09:53 UTC
Any updates on this?

If the issue is for nvidia KMP, we can close.  Just let us know.
Comment 8 Takashi Iwai 2022-08-08 14:51:37 UTC
A gentle ping from Kernel Security Sentinel: https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel

This security bug has been ignored for weeks.  Could you guys give an update (either fix or reassign-back)?  Thanks.
Comment 9 Dan Čermák 2022-08-09 07:11:39 UTC
Reassigning to the libnvidia-container maintainer.
Comment 10 Oscar Salvador 2022-09-27 03:31:46 UTC
A gentle ping from Kernel Security Sentinel: https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel

This security bug has been ignored for weeks.  Could you guys give an update (either fix or reassign-back)?  Thanks.
Comment 11 Michal Jura 2022-09-27 06:33:03 UTC
I am going to rebuild libnvidia-container and all related packages
Comment 16 Marcus Meissner 2022-09-30 14:59:01 UTC
this only affects the nvidia kernel modules, which have been fixed.