Detections
Analytics
NVIDIA Linux GPU Display Driver 304.x < 304.132 / 340.x < 340.98 / 361.93.x < 361.93.03 / 367.x < 367.55 / 370.x < 370.28 Multiple Vulnerabilities
high Nessus Plugin ID 94575
Language:
Synopsis
A display driver installed on the remote Linux host is affected by multiple vulnerabilities.Description
The version of the NVIDIA GPU display driver installed on the remote Linux host is 304.x prior to 304.132, 340.x prior to 340.98, 361.93.x prior to 361.93.03, 367.x prior to 367.55, or 370.x prior to 370.28.It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the kernel-mode layer (nvidia.ko) handler related to missing permission checks. A local attacker can exploit this to disclose arbitrary memory contents and gain elevated privileges. (CVE-2016-7382)
- A flaw exists in the kernel-mode layer (nvidia.ko) handler related to improper memory mapping. A local attacker can exploit this to disclose arbitrary memory contents and gain elevated privileges. (CVE-2016-7389)
Solution
Upgrade the NVIDIA graphics driver to version 304.132 / 340.98 / 361.93.03 / 367.55 / 370.28 or later in accordance with the vendor advisory.See Also
Plugin Details
Severity: High
ID: 94575
File Name: nvidia_unix_cve_2016_7389.nasl
Version: 1.10
Type: local
Agent: unix
Family: Misc.
Published: 11/4/2016
Updated: 3/15/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2016-7389
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:nvidia:gpu_driver
Required KB Items: NVIDIA_UNIX_Driver/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 10/28/2016
Vulnerability Publication Date: 10/28/2016
Reference Information
CVE: CVE-2016-7382, CVE-2016-7389