Bug#846333: nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability

Luca Boccassi lboccass at Brocade.com
Wed Nov 30 11:35:14 UTC 2016


On Wed, 30 Nov 2016 12:12:23 +0100 Andreas Beckmann <anbe at debian.org> wrote:
> Source: nvidia-graphics-drivers
> Severity: serious
> Tags: security upstream
> Control: clone -1 -2 -3
> Control: reassign -2 nvidia-graphics-drivers-legacy-340xx
> Control: reassign -3 nvidia-graphics-drivers-legacy-304xx
> Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability
> Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability
> Control: close -1 367.57-1
> Control: close -2 340.98-1
> Control: close -3 304.132-1
> 
> http://nvidia.custhelp.com/app/answers/detail/a_id/4246
> 
> CVE-2016-7382
> 
> NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
> layer (nvidia.ko) handler where a missing permissions check may allow
> users to gain access to arbitrary physical memory, leading to an
> escalation of privileges.
> 
> CVE-2016-7389
> 
> NVIDIA GPU Display Driver on Linux contains a vulnerability in the
> kernel mode layer (nvidia.ko) handler for mmap() where improper input
> validation may allow users to gain access to arbitrary physical memory,
> leading to an escalation of privileges.
> 
> Fixed versions:
> 
> R370 	370.28
> R367 	367.55
> R340 	340.98
> R304 	304.132
> 
> 
> Andreas
>

This is a fun one... the choice for Jessie and oldstable-backports is
either to keep the vulnerable 304.131 or get the completely and utterly
broken 304.132...

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840342

-- 
Kind regards,
Luca Boccassi