Bug#1109915: marked as done (nvidia-open-gpu-kernel-modules: CVE-2025-23279, CVE-2025-23286)

Fri, 26 Dec 2025 07:19:18 -0800 

Your message dated Fri, 26 Dec 2025 15:17:30 +0000
with message-id <[email protected]>
and subject line Bug#1109915: fixed in nvidia-open-gpu-kernel-modules 
535.261.03-1
has caused the Debian Bug report #1109915,
regarding nvidia-open-gpu-kernel-modules: CVE-2025-23279, CVE-2025-23286
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1109915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109915
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <[email protected]>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2025-23279, 
CVE-2025-23286
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2025-23279, 
CVE-2025-23286
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2025-23279, 
CVE-2025-23286
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2025-23279, 
CVE-2025-23286
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2025-23279, 
CVE-2025-23286
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2025-23279, 
CVE-2025-23286
Control: tag -7 + wontfix
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2025-23279, 
CVE-2025-23286
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2025-23279, 
CVE-2025-23286
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -9 555.42.02-1
Control: found -9 560.28.03-1
Control: found -9 565.57.01-1
Control: found -9 570.86.16-1
Control: found -9 575.51.02-1
Control: reassign -10 src:nvidia-graphics-drivers-tesla-535 535.216.01-1
Control: retitle -10 nvidia-graphics-drivers-tesla-535: CVE-2025-23279, 
CVE-2025-23286
Control: reassign -11 src:nvidia-graphics-drivers-tesla-550 550.54.15-1
Control: retitle -11 nvidia-graphics-drivers-tesla-550: CVE-2025-23279, 
CVE-2025-23286
Control: tag -11 + wontfix
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: found -1 555.42.02-1
Control: found -1 560.28.03-1
Control: found -1 565.57.01-1
Control: found -1 570.86.16-1
Control: found -1 575.51.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5670

CVE‑2025‑23279  NVIDIA .run Installer for Linux and Solaris contains a
vulnerability where an attacker could use a race condition to escalate
privileges. A successful exploit of this vulnerability might lead to
coqe execution, escalation of privileges, information disclosure, denial
of service, or data tampering.

CVE‑2025‑23286  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where an attacker could read invalid memory. A
successful exploit of this vulnerability might lead to information
disclosure.

Linux Driver Branch     CVEs Addressed
R570                    CVE-2025-23279
R535                    CVE-2025-23279,  CVE-2025-23286

Driver Branch   Affected Driver Versions                Updated Driver Version

R575            All driver version prior to 575.64.05   575.64.05
R570            All driver version prior to 570.172.08  570.172.08
R535            All driver versions prior to 535.261.03 535.261.03

Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-open-gpu-kernel-modules
Source-Version: 535.261.03-1
Done: Andreas Beckmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated 
nvidia-open-gpu-kernel-modules package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 Dec 2025 00:05:31 +0100
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 535.261.03-1
Distribution: bookworm
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Closes: 1109915
Changes:
 nvidia-open-gpu-kernel-modules (535.261.03-1) bookworm; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.261.03 (2025-07-17).
     * Fixed CVE-2025-23279, CVE-2025-23286.  (Closes: #1109915)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5670
   * Sync with src:nvidia-graphics-drivers.
   * Upload to bookworm.
 .
 nvidia-open-gpu-kernel-modules (535.247.01-2) UNRELEASED; urgency=medium
 .
   * Backport page_pgmap and hmm_make_device_exclusive_range changes from
     570.153.02 to fix open kernel module build for Linux 6.15.
   * Sync with src:nvidia-graphics-drivers.
Checksums-Sha1:
 8b022f3a96f4fd843112571b11db215c0c2c745e 2681 
nvidia-open-gpu-kernel-modules_535.261.03-1.dsc
 5a30d2cb6ba1c41bd348e11abd46f94ca1eb861d 12521372 
nvidia-open-gpu-kernel-modules_535.261.03.orig.tar.xz
 775b504fedee3e93faa786143a2ae2d543be7aee 30272 
nvidia-open-gpu-kernel-modules_535.261.03-1.debian.tar.xz
 56c10fc60c70b8c1256a440d9777e06be0ccc88b 6096 
nvidia-open-gpu-kernel-modules_535.261.03-1_source.buildinfo
Checksums-Sha256:
 5de1fdaa0d57529ebd24818fecfc1df4ef2e53b2b1a736debd6a2098625cf0e1 2681 
nvidia-open-gpu-kernel-modules_535.261.03-1.dsc
 14f64f53694d4a580ea68a561db02c2a8847790087a86f50fd2f40eac3eebb8f 12521372 
nvidia-open-gpu-kernel-modules_535.261.03.orig.tar.xz
 3a21bfbc11925c2a26528e6a0fc91168edfe74cbf466be12089ee922bc9617c2 30272 
nvidia-open-gpu-kernel-modules_535.261.03-1.debian.tar.xz
 542bf7a17476d9cf922df14bc1cee85e42e6834781f9fe629bf3645e3fceba9f 6096 
nvidia-open-gpu-kernel-modules_535.261.03-1_source.buildinfo
Files:
 fb647a6b788c48222d9f67c7e67f00b6 2681 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.261.03-1.dsc
 5e32dcdc7cf550d00e2af872104131dc 12521372 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.261.03.orig.tar.xz
 fa41eab23b2e72ddc5844322b3380d4f 30272 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.261.03-1.debian.tar.xz
 124bebfeebbc51fdf9e0371017800c2b 6096 contrib/kernel optional 
nvidia-open-gpu-kernel-modules_535.261.03-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmlHL4cQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCOAWD/0XMiq74hdLyv4gf0VoRkcuU23rz132o9tP
7xZk2i+y6Yi2NDJzVWyAkzxzJpZeLYZWdZTDCpGhlGZK3+mvYBiCdP216ga6+mfq
eESmVGV9bQTnyuBpGHbzDLCttou0uK9R4Wqb2yd3t8YQOWdHQ17dgxnKh8KLEuUX
ghD2YFC+vE8ntGOej0HXsvr4qYiY/UJc8xf6HXMpwpNK91YhX37wJyQKHu/DXxeQ
RD23hfUruySfoYEDLQIMfJosAJcpRy5GuRPHb4opJuCYdk7jTVxZuLBlbRZTbll/
oTTr5FaJC/UYV+otDSWXUY0n4TMIw/aoNO0EDx7TQtLsgNyWcPyDVHGabla9Ktl0
T41eT7rmOmTMzKMzmalU0MX5QMdG4BYsJrGuMpuhsQnZ3prJHbL2nF1c0s+F+Sj+
gs5GU6lPjQmSS/BgDobmXNRn5vWFdvBdKo8PhGns7rW9wExlrz2p3d8/DowjlvEo
8T3xHl2+m7Qe+qoMvrTfj4HK8fdJjojZ40IhwkCD9KYGZRNqWTtbOy0iGpuvbrWg
iXWep8eJQt8zDYZ2FzRORBTPLfNKbLZf/023cw3O91DaS4QeoBNVdfuRpKNJXCOp
xHO/QbDhryq0eRhYRwxp9gv9oFWGCBmwVC4Eje35h9tD/9bRGHSuyBTKZCJ6A9R6
7b76lVuQrw==
=3ST7
-----END PGP SIGNATURE-----

Attachment: pgpJ1p1T5wIyG.pgp
Description: PGP signature


--- End Message ---

Reply via email to