NVIDIA Linux GPU Display Driver 304.x < 304.132 / 340.x < 340.98 / 361.93.x < 361.93.03 / 367.x < 367.55 / 370.x < 370.28 Multiple Vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A display driver installed on the remote Linux host is affected by
multiple vulnerabilities.

Description :

The version of the NVIDIA GPU display driver installed on the remote
Linux host is 304.x prior to 304.132, 340.x prior to 340.98, 361.93.x
prior to 361.93.03, 367.x prior to 367.55, or 370.x prior to 370.28.
It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in the kernel-mode layer (nvidia.ko)
handler related to missing permission checks. A local
attacker can exploit this to disclose arbitrary memory
contents and gain elevated privileges. (CVE-2016-7382)

- A flaw exists in the kernel-mode layer (nvidia.ko)
handler related to improper memory mapping. A local
attacker can exploit this to disclose arbitrary memory
contents and gain elevated privileges. (CVE-2016-7389)

See also :

http://nvidia.custhelp.com/app/answers/detail/a_id/4246

Solution :

Upgrade the NVIDIA graphics driver to version 304.132 / 340.98 /
361.93.03 / 367.55 / 370.28 or later in accordance with the vendor
advisory.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 94575 ()

Bugtraq ID:

CVE ID: CVE-2016-7382
CVE-2016-7389

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now