NVIDIA Graphics Driver NVAPI Support Layer Integer Overflow Privilege Escalation (Unix / Linux)

medium Nessus Plugin ID 87411

Synopsis

The remote host is affected by a privilege escalation vulnerability.

Description

The NVIDIA graphics driver installed on the remote host is affected by a privilege escalation vulnerability in the NVAPI support layer due to multiple unspecified integer overflow conditions in the underlying kernel mode driver. A local attacker can exploit this to gain access to uninitialized or out-of-bounds memory, resulting in possible information disclosure, denial of service, or the gaining of elevated privileges.

Solution

Upgrade to the appropriate video driver version according to the vendor advisory.

See Also

http://www.nessus.org/u?a143cf56

https://nvidia.custhelp.com/app/answers/detail/a_id/3808

Plugin Details

Severity: Medium

ID: 87411

File Name: nvidia_unix_cve_2015_7869.nasl

Version: 1.9

Type: local

Agent: unix

Family: Misc.

Published: 12/16/2015

Updated: 3/15/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:C

CVSS Score Source: CVE-2015-7869

Vulnerability Information

CPE: cpe:/a:nvidia:gpu_driver

Required KB Items: NVIDIA_UNIX_Driver/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/13/2015

Vulnerability Publication Date: 11/13/2015

Reference Information

CVE: CVE-2015-7869