Bug#800566: nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver

Andreas Beckmann anbe at debian.org
Wed Sep 30 23:43:47 UTC 2015

Source: nvidia-graphics-drivers
Version: 304.22-1
Severity: serious
Tags: security


A vulnerability has been found in the NVIDIA driver that could be used
to allow a local, non-privileged user to corrupt kernel memory. This
could be used to gain local root privileges.

A local user can issue a specially crafted IOCTL to write a 32-bit
integer value stored in the kernel driver to a user-specified memory
location, potentially in the kernel address space. The user has a
limited ability to influence the value of the integer that is written.

Exploit Scope and Risk:

This issue is present on Windows and Linux operating systems and affects
all currently supported NVIDIA driver releases and all GPUs. This issue
does not affect Android-based NVIDIA Tegra products.

Branch	1st version including the fix
R304	304.128
R340	340.93
R352	352.41


More information about the pkg-nvidia-devel mailing list