CVE-2016-7389
Published: 19 October 2019
For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
Priority
Status
Package | Release | Status |
---|---|---|
nvidia-graphics-drivers Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-173 Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
(trusty was ignored [no update available])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-173-updates Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-304 Launchpad, Ubuntu, Debian |
precise |
Released
(304.132-0ubuntu0.12.04.1)
|
trusty |
Released
(304.132-0ubuntu0.14.04.2)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(304.132-0ubuntu0.16.04.2)
|
|
yakkety |
Not vulnerable
(304.132-0ubuntu1)
|
|
nvidia-graphics-drivers-304-updates Launchpad, Ubuntu, Debian |
precise |
Released
(304.132-0ubuntu0.12.04.1)
|
trusty |
Released
(304.132-0ubuntu0.12.04.1)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(superseded)
|
|
yakkety |
Not vulnerable
(superseded)
|
|
nvidia-graphics-drivers-310-updates Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected [superseded])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-319 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(superseded)
|
trusty |
Does not exist
(trusty was not-affected [superseded])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-319-updates Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(superseded)
|
trusty |
Does not exist
(trusty was not-affected [superseded])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-331 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(superseded)
|
trusty |
Does not exist
(trusty was not-affected [superseded])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-331-updates Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(superseded)
|
trusty |
Does not exist
(trusty was not-affected [superseded])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-340 Launchpad, Ubuntu, Debian |
precise |
Released
(340.98-0ubuntu0.12.04.1)
|
trusty |
Released
(340.98-0ubuntu0.14.04.1)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(340.98-0ubuntu0.16.04.1)
|
|
yakkety |
Not vulnerable
(340.98-0ubuntu1)
|
|
nvidia-graphics-drivers-340-updates Launchpad, Ubuntu, Debian |
precise |
Released
(340.98-0ubuntu0.12.04.1)
|
trusty |
Released
(340.98-0ubuntu0.14.04.1)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(340.98-0ubuntu0.16.04.1)
|
|
yakkety |
Not vulnerable
(superseded)
|
|
nvidia-graphics-drivers-346 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected [superseded])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-346-updates Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected [superseded])
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-352 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Released
(367.57-0ubuntu0.14.04.1)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(367.57-0ubuntu0.16.04.1)
|
|
yakkety |
Not vulnerable
(superseded)
|
|
nvidia-graphics-drivers-352-updates Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Released
(367.57-0ubuntu0.14.04.1)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(367.57-0ubuntu0.16.04.1)
|
|
yakkety |
Not vulnerable
(superseded)
|
|
nvidia-graphics-drivers-361 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Released
(367.57-0ubuntu0.16.04.1)
|
|
yakkety |
Not vulnerable
(superseded)
|
|
nvidia-graphics-drivers-96 Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-96-updates Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-experimental-304 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(superseded)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-experimental-310 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(superseded)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-tegra Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
nvidia-graphics-drivers-updates Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(superseded)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |