Bug#846331: nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability

[Andreas Beckmann]

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3
Control: reassign -2 nvidia-graphics-drivers-legacy-340xx
Control: reassign -3 nvidia-graphics-drivers-legacy-304xx
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability
Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability
Control: close -1 367.57-1
Control: close -2 340.98-1
Control: close -3 304.132-1

http://nvidia.custhelp.com/app/answers/detail/a_id/4246

CVE-2016-7382

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
layer (nvidia.ko) handler where a missing permissions check may allow
users to gain access to arbitrary physical memory, leading to an
escalation of privileges.

CVE-2016-7389

NVIDIA GPU Display Driver on Linux contains a vulnerability in the
kernel mode layer (nvidia.ko) handler for mmap() where improper input
validation may allow users to gain access to arbitrary physical memory,
leading to an escalation of privileges.

Fixed versions:

R370 	370.28
R367 	367.55
R340 	340.98
R304 	304.132


Andreas