NVIDIA Linux GPU Display Driver 304.x < 304.135 / 340.x < 340.102 / 361.x < 361.119 / 375.x < 375.39 / 378.x < 378.13 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A display driver installed on the remote Linux host is affected by
multiple vulnerabilities.

Description :

The version of the NVIDIA GPU display driver installed on the remote
Linux host is 304.x prior to 304.135, 340.x prior to 340.102, 361.x
prior to 361.119, 375.x prior to 375.39, or 378.x prior to 378.13.
It is, therefore, affected by multiple vulnerabilities:

- Multiple integer overflow conditions exist in the kernel
mode layer handler that allow a local attacker to cause
a denial of service condition or the execution of
arbitrary code. (CVE-2017-0309)

- A flaw exists in the kernel mode layer handler due to
improper access controls that allows a local attacker to
cause a denial of service condition. (CVE-2017-0310)

- A flaw exists in the kernel mode layer handler due to
improper access controls that allows a local attacker to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2017-0311)

- A flaw exists in the kernel mode layer handler due to
improper validation of an input parameter. A local
attacker can exploit this to cause a denial of service
condition. (CVE-2017-0318)

- A NULL pointer dereference flaw exists in the
kernel mode layer handler due to improper validation of
certain input. A local attacker can exploit this to
cause a denial of service condition or potentially
execute arbitrary code. (CVE-2017-0321)

See also :

http://nvidia.custhelp.com/app/answers/detail/a_id/4398

Solution :

Upgrade the NVIDIA graphics driver to version 304.135 / 340.102 /
361.119 / 375.39 / 378.13 or later in accordance with the vendor
advisory.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 97385 ()

Bugtraq ID:

CVE ID: CVE-2017-0309
CVE-2017-0310
CVE-2017-0311
CVE-2017-0318
CVE-2017-0321

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now