update: nvidia-drivers

[dongsupark]

Name: nvidia-drivers
CVEs: CVE-2023-31022, CVE-2024-0074, CVE-2024-0075, CVE-2024-0078, CVE-2024-0126
CVSSs: 5.5, 7.1, 6.5, 6.5, 8.2
Action Needed: update to >= 535.216.01

Summary:

• CVE-2023-31022: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.
  • https://nvidia.custhelp.com/app/answers/detail/a_id/5491
  • https://security.gentoo.org/glsa/202405-28
• CVE-2024-0074: NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
• CVE-2024-0075: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure.
• CVE-2024-0078: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.
  • https://nvidia.custhelp.com/app/answers/detail/a_id/5520
• CVE-2024-0126: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions

refmap.gentoo:

• CVE-2023-31022: https://bugs.gentoo.org/916583, https://security.gentoo.org/glsa/202405-28
• CVE-2024-007[458]: TBD
• CVE-2024-0126: https://bugs.gentoo.org/942031

[dongsupark]

Added CVE-2024-0074, CVE-2024-0075, CVE-2024-0078.
Needs 535.161.07.

[tormath1]

Added CVE-2024-0126 (https://bugs.gentoo.org/942031)