Bug#846331: nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability

Andreas Beckmann Wed, 30 Nov 2016 03:15:56 -0800

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3
Control: reassign -2 nvidia-graphics-drivers-legacy-340xx
Control: reassign -3 nvidia-graphics-drivers-legacy-304xx
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, 
CVE-2016-7389: missing permissions check and improper validation vulnerability
Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, 
CVE-2016-7389: missing permissions check and improper validation vulnerability
Control: close -1 367.57-1
Control: close -2 340.98-1
Control: close -3 304.132-1


http://nvidia.custhelp.com/app/answers/detail/a_id/4246

CVE-2016-7382

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
layer (nvidia.ko) handler where a missing permissions check may allow
users to gain access to arbitrary physical memory, leading to an
escalation of privileges.

CVE-2016-7389

NVIDIA GPU Display Driver on Linux contains a vulnerability in the
kernel mode layer (nvidia.ko) handler for mmap() where improper input
validation may allow users to gain access to arbitrary physical memory,
leading to an escalation of privileges.

Fixed versions:

R370    370.28
R367    367.55
R340    340.98
R304    304.132


Andreas

Bug#846331: nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability

Reply via email to