CVE-2017-0317

Published: 15 February 2017

All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution.

Notes

Author	Note
mdeslaur	windows-specific issue

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
nvidia-graphics-drivers Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-173 Launchpad, Ubuntu, Debian	precise	Ignored (no update available)
	trusty	Does not exist (trusty was ignored [no update available])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-173-updates Launchpad, Ubuntu, Debian	precise	Not vulnerable (Windows specific)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-304 Launchpad, Ubuntu, Debian	precise	Not vulnerable (Windows specific)
	trusty	Does not exist (trusty was not-affected [Windows specific])
	upstream	Needs triage
	xenial	Not vulnerable (Windows specific)
	yakkety	Not vulnerable (Windows specific)
nvidia-graphics-drivers-304-updates Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	yakkety	Not vulnerable (superseded)
nvidia-graphics-drivers-310-updates Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-319 Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-319-updates Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-331 Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-331-updates Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-340 Launchpad, Ubuntu, Debian	precise	Not vulnerable (Windows specific)
	trusty	Does not exist (trusty was not-affected [Windows specific])
	upstream	Needs triage
	xenial	Not vulnerable (Windows specific)
	yakkety	Not vulnerable (Windows specific)
nvidia-graphics-drivers-340-updates Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	yakkety	Not vulnerable (superseded)
nvidia-graphics-drivers-346 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-346-updates Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-352 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	yakkety	Not vulnerable (superseded)
nvidia-graphics-drivers-352-updates Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	yakkety	Not vulnerable (superseded)
nvidia-graphics-drivers-361 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	yakkety	Not vulnerable (superseded)
nvidia-graphics-drivers-367 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [Windows specific])
	upstream	Needs triage
	xenial	Not vulnerable (Windows specific)
	yakkety	Not vulnerable (Windows specific)
nvidia-graphics-drivers-96 Launchpad, Ubuntu, Debian	precise	Not vulnerable (Windows specific)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-96-updates Launchpad, Ubuntu, Debian	precise	Not vulnerable (Windows specific)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-experimental-304 Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-experimental-310 Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-tegra Launchpad, Ubuntu, Debian	precise	Not vulnerable (Windows specific)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
nvidia-graphics-drivers-updates Launchpad, Ubuntu, Debian	precise	Not vulnerable (superseded)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›