QID 355383

Date Published: 2023-06-15

QID 355383: Amazon Linux Security Advisory for nvidia : AL2012-2023-412

Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2023-0199:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. CVE-2023-0198:
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. CVE-2023-0195:
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver CVE-2023-0194:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. CVE-2023-0191:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. CVE-2023-0190:
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. CVE-2023-0189:
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2023-0188:
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
    • Solution
    Administrators are advised to apply the appropriate software updates.
    Vendor References

    CVEs related to QID 355383

    CVE-2023-0198 | CVE-2023-0184 | CVE-2023-0189 | CVE-2023-0188 | CVE-2023-0194 | CVE-2023-0180 | CVE-2023-0191 | CVE-2023-0195 | CVE-2023-0190 | CVE-2023-0199 | CVE-2023-0185 |
    Software Advisories
    Advisory ID Software Component Link
    AL2012-2023-412 Amazon Linux Bare Metal URL Logo docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-updates.html
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].