Bug#846333: nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability
Luca Boccassi
lboccass at Brocade.com
Wed Nov 30 11:35:14 UTC 2016
On Wed, 30 Nov 2016 12:12:23 +0100 Andreas Beckmann <anbe at debian.org> wrote:
> Source: nvidia-graphics-drivers
> Severity: serious
> Tags: security upstream
> Control: clone -1 -2 -3
> Control: reassign -2 nvidia-graphics-drivers-legacy-340xx
> Control: reassign -3 nvidia-graphics-drivers-legacy-304xx
> Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability
> Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability
> Control: close -1 367.57-1
> Control: close -2 340.98-1
> Control: close -3 304.132-1
>
> http://nvidia.custhelp.com/app/answers/detail/a_id/4246
>
> CVE-2016-7382
>
> NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
> layer (nvidia.ko) handler where a missing permissions check may allow
> users to gain access to arbitrary physical memory, leading to an
> escalation of privileges.
>
> CVE-2016-7389
>
> NVIDIA GPU Display Driver on Linux contains a vulnerability in the
> kernel mode layer (nvidia.ko) handler for mmap() where improper input
> validation may allow users to gain access to arbitrary physical memory,
> leading to an escalation of privileges.
>
> Fixed versions:
>
> R370 370.28
> R367 367.55
> R340 340.98
> R304 304.132
>
>
> Andreas
>
This is a fun one... the choice for Jessie and oldstable-backports is
either to keep the vulnerable 304.131 or get the completely and utterly
broken 304.132...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840342
--
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20161130/c42aebc8/attachment.sig>
More information about the pkg-nvidia-devel
mailing list