Source: nvidia-graphics-drivers Severity: serious Tags: security upstream Control: clone -1 -2 -3 Control: reassign -2 nvidia-graphics-drivers-legacy-340xx Control: reassign -3 nvidia-graphics-drivers-legacy-304xx Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability Control: close -1 367.57-1 Control: close -2 340.98-1 Control: close -3 304.132-1
http://nvidia.custhelp.com/app/answers/detail/a_id/4246 CVE-2016-7382 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges. CVE-2016-7389 NVIDIA GPU Display Driver on Linux contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges. Fixed versions: R370 370.28 R367 367.55 R340 340.98 R304 304.132 Andreas