update: nvidia-drivers

[dongsupark]

Name: nvidia-drivers CVEs: CVE-2023-31022, CVE-2024-0074, CVE-2024-0075, CVE-2024-0078, CVSSs: 5.5, n/a, n/a, n/a Action Needed: update to >= 535.129.03 for CVE-2023-31022, >= 535.161.07 for CVE-2024-007[458]

Summary:

• CVE-2023-31022: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.
  • https://nvidia.custhelp.com/app/answers/detail/a_id/5491
  • https://security.gentoo.org/glsa/202405-28
• CVE-2024-0074: NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
• CVE-2024-0075: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure.
• CVE-2024-0078: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.
  • https://nvidia.custhelp.com/app/answers/detail/a_id/5520

refmap.gentoo:

• CVE-2023-31022: https://bugs.gentoo.org/916583, https://security.gentoo.org/glsa/202405-28
• CVE-2024-007[458]: TBD

[dongsupark]

Added CVE-2024-0074, CVE-2024-0075, CVE-2024-0078. Needs 535.161.07.