SB2016110301 - Ubuntu update for NVIDIA graphics drivers 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016110301

SB2016110301 - Ubuntu update for NVIDIA graphics drivers

Published: November 3, 2016

Security Bulletin ID SB2016110301
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2016-7382)

The vulnerability allows a local user toobtain elevated privileges on the target system.
The weakness occurs in the kernel mode layer (nvidia.ko) handler and exists due to improper permissions control that lets a local attacker gain access to arbitrary physical memory, leading to an escalation of privileges.
Successful exploitation of the vulnerability results in privilege escalation.

2) Privilege escalation (CVE-ID: CVE-2016-7389)

The vulnerability allows a local user toobtain elevated privileges on the target system.
The weakness occurs in the kernel mode layer (nvidia.ko) handler for mmap() and exists due to improper input validation. By sending a specially crafted file, a local attacker can gain access to arbitrary physical memory, leading to an escalation of privileges.
Successful exploitation of the vulnerability results in privilege escalation.

Remediation

Install update from vendor's website.

References