USN-4689-1: NVIDIA graphics drivers vulnerabilities

Releases

• Ubuntu 20.10
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• nvidia-graphics-drivers-390 - NVIDIA binary X.Org driver
• nvidia-graphics-drivers-450 - NVIDIA binary X.Org driver
• nvidia-graphics-drivers-460 - NVIDIA binary X.Org driver

Details

It was discovered that the NVIDIA GPU display driver for the Linux kernel
contained a vulnerability that allowed user-mode clients to access legacy
privileged APIs. A local attacker could use this to cause a denial of
service or escalate privileges. (CVE-2021-1052)

It was discovered that the NVIDIA GPU display driver for the Linux kernel
did not properly validate a pointer received from userspace in some
situations. A local attacker could use this to cause a denial of service.
(CVE-2021-1053)

Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux
kernel did not properly restrict device-level GPU isolation. A local
attacker could use this to cause a denial of service or possibly expose
sensitive information. (CVE-2021-1056)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10

• xserver-xorg-video-nvidia-390 - 390.141-0ubuntu0.20.10.1
• xserver-xorg-video-nvidia-440 - 450.102.04-0ubuntu0.20.10.1
• xserver-xorg-video-nvidia-450 - 450.102.04-0ubuntu0.20.10.1
• xserver-xorg-video-nvidia-455 - 460.32.03-0ubuntu0.20.10.1
• xserver-xorg-video-nvidia-460 - 460.32.03-0ubuntu0.20.10.1

Ubuntu 20.04

• xserver-xorg-video-nvidia-390 - 390.141-0ubuntu0.20.04.1
• xserver-xorg-video-nvidia-440 - 450.102.04-0ubuntu0.20.04.1
• xserver-xorg-video-nvidia-450 - 450.102.04-0ubuntu0.20.04.1
• xserver-xorg-video-nvidia-455 - 460.32.03-0ubuntu0.20.04.1
• xserver-xorg-video-nvidia-460 - 460.32.03-0ubuntu0.20.04.1

Ubuntu 18.04

• xserver-xorg-video-nvidia-390 - 390.141-0ubuntu0.18.04.1
• xserver-xorg-video-nvidia-440 - 450.102.04-0ubuntu0.18.04.1
• xserver-xorg-video-nvidia-450 - 450.102.04-0ubuntu0.18.04.1
• xserver-xorg-video-nvidia-455 - 460.32.03-0ubuntu0.18.04.1
• xserver-xorg-video-nvidia-460 - 460.32.03-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to reboot your
computer to make all the necessary changes.

References

• CVE-2021-1052
• CVE-2021-1053
• CVE-2021-1056

Related notices

• USN-4689-2: linux-image-virtual-hwe-16.04, linux-image-generic-lpae-hwe-16.04, linux-azure-4.15, linux-image-generic-lpae-hwe-18.04-edge, linux-image-5.4.0-1035-aws, linux-image-5.8.0-1015-oracle, linux-image-lowlatency-hwe-16.04, linux-image-5.8.0-1016-gcp, linux-image-generic-hwe-16.04, linux-image-snapdragon-hwe-18.04-edge, linux-image-generic-lpae, linux-aws, linux-image-5.4.0-1036-azure, linux-image-generic-lpae-hwe-20.04-edge, linux-image-aws, linux-image-5.4.0-1034-gcp, linux-image-virtual-hwe-16.04-edge, linux-image-azure-edge, linux-image-oracle-lts-18.04, linux-image-virtual-hwe-20.04-edge, linux-image-azure, linux-image-4.15.0-130-lowlatency, linux-image-5.8.0-36-generic-lpae, linux-image-generic-hwe-16.04-edge, linux-image-oem-20.04, linux-image-generic-hwe-18.04, linux-image-generic-hwe-20.04, linux-oracle, linux-hwe-5.8, linux-image-4.15.0-130-generic, linux-image-virtual-hwe-18.04, linux-image-5.4.0-60-lowlatency, linux-image-5.8.0-1018-aws, linux-image-5.8.0-36-generic, linux-hwe-5.4, linux-image-generic-64k, linux-azure, linux-image-5.8.0-36-generic-64k, linux-image-generic-hwe-18.04-edge, linux-image-oracle, linux-oracle-5.4, linux-image-lowlatency-hwe-18.04-edge, linux-image-generic-64k-hwe-20.04, linux-image-lowlatency-hwe-20.04-edge, linux-image-generic-lpae-hwe-20.04, linux-gcp-5.4, linux-image-4.15.0-1104-azure, linux-image-generic-64k-hwe-20.04-edge, linux-aws-5.4, linux-image-5.8.0-36-lowlatency, linux-image-oem-osp1, linux-oem-5.6, linux-image-virtual, linux-image-oem, linux-image-gcp-edge, linux-image-generic-lpae-hwe-18.04, linux-image-azure-lts-18.04, linux-image-lowlatency-hwe-18.04, linux-image-4.15.0-1063-oracle, linux-image-4.15.0-130-generic-lpae, linux-image-lowlatency-hwe-20.04, linux-image-virtual-hwe-18.04-edge, linux-image-aws-edge, linux-image-5.6.0-1042-oem, linux-gcp, linux-image-generic-hwe-20.04-edge, linux-image-5.4.0-60-generic, linux-image-generic, linux-image-5.4.0-60-generic-lpae, linux-image-snapdragon-hwe-18.04, linux-azure-5.4, linux-image-gke, linux, linux-image-virtual-hwe-20.04, linux-image-aws-lts-18.04, linux-image-4.15.0-1092-aws, linux-image-lowlatency-hwe-16.04-edge, linux-image-lowlatency, linux-image-oracle-edge, linux-image-5.4.0-1035-oracle, linux-image-5.8.0-1017-azure, linux-image-generic-lpae-hwe-16.04-edge, linux-image-gcp
• USN-4689-3: nvidia-graphics-drivers-418-server, libnvidia-fbc1-450-server, libnvidia-cfg1-450-server, libnvidia-gl-418-server, libnvidia-decode-450-server, nvidia-headless-no-dkms-418-server, libnvidia-ifr1-440-server, libnvidia-fbc1-440-server, libnvidia-compute-418-server, nvidia-dkms-418-server, nvidia-utils-440-server, nvidia-driver-418-server, nvidia-headless-no-dkms-450-server, nvidia-dkms-440-server, nvidia-headless-440-server, libnvidia-common-440-server, libnvidia-decode-440-server, libnvidia-gl-450-server, libnvidia-ifr1-418-server, nvidia-compute-utils-450-server, xserver-xorg-video-nvidia-418-server, xserver-xorg-video-nvidia-450-server, libnvidia-extra-450-server, nvidia-driver-440-server, libnvidia-compute-450-server, nvidia-headless-450-server, nvidia-kernel-common-440-server, nvidia-kernel-common-450-server, libnvidia-encode-418-server, libnvidia-encode-440-server, libnvidia-decode-418-server, libnvidia-common-450-server, nvidia-driver-450-server, nvidia-kernel-source-440-server, libnvidia-fbc1-418-server, libnvidia-cfg1-440-server, libnvidia-ifr1-450-server, nvidia-kernel-common-418-server, nvidia-headless-418-server, nvidia-compute-utils-440-server, nvidia-graphics-drivers-450-server, libnvidia-encode-450-server, nvidia-utils-450-server, nvidia-kernel-source-450-server, nvidia-kernel-source-418-server, libnvidia-extra-440-server, xserver-xorg-video-nvidia-440-server, libnvidia-compute-440-server, libnvidia-gl-440-server, libnvidia-common-418-server, libnvidia-cfg1-418-server, nvidia-utils-418-server, nvidia-dkms-450-server, nvidia-headless-no-dkms-440-server, nvidia-compute-utils-418-server
• USN-4689-4: linux-image-5.8.0-1019-azure, linux-image-5.8.0-40-lowlatency, linux-image-virtual-hwe-16.04, linux-image-virtual-hwe-20.04-edge, linux-image-generic-lpae-hwe-20.04, linux-image-generic-lpae-hwe-16.04, linux-gcp, linux-image-5.8.0-1019-gcp, linux-image-azure, linux-image-generic-hwe-20.04-edge, linux-image-5.4.0-64-generic, linux-image-generic-hwe-16.04-edge, linux-image-generic-lpae-hwe-18.04-edge, linux-image-5.4.0-64-generic-lpae, linux-image-4.15.0-134-lowlatency, linux-image-generic-64k-hwe-20.04-edge, linux-image-oem-20.04, linux-image-generic, linux-image-generic-hwe-18.04, linux-image-generic-hwe-20.04, linux-oracle, linux-image-5.4.0-64-lowlatency, linux-hwe-5.8, linux-image-lowlatency-hwe-16.04, linux-image-snapdragon-hwe-18.04, linux-image-oem-osp1, linux-image-virtual-hwe-18.04, linux-image-virtual, linux-image-generic-hwe-16.04, linux-image-4.15.0-134-generic, linux-image-oem, linux-image-generic-lpae, linux-image-gke, linux-aws, linux-image-snapdragon-hwe-18.04-edge, linux-hwe-5.4, linux-image-generic-lpae-hwe-20.04-edge, linux, linux-image-5.8.0-40-generic-lpae, linux-image-aws, linux-azure, linux-image-5.8.0-1020-aws, linux-image-5.8.0-1017-oracle, linux-image-generic-64k, linux-image-generic-lpae-hwe-18.04, linux-image-virtual-hwe-20.04, linux-image-generic-hwe-18.04-edge, linux-image-oracle, linux-image-lowlatency-hwe-18.04, linux-image-lowlatency-hwe-16.04-edge, linux-image-lowlatency, linux-image-lowlatency-hwe-18.04-edge, linux-image-generic-64k-hwe-20.04, linux-image-virtual-hwe-16.04-edge, linux-image-lowlatency-hwe-20.04-edge, linux-image-generic-lpae-hwe-16.04-edge, linux-image-5.8.0-40-generic, linux-image-4.15.0-134-generic-lpae, linux-image-5.8.0-40-generic-64k, linux-image-lowlatency-hwe-20.04, linux-image-virtual-hwe-18.04-edge, linux-image-gcp