CVE-2017-6273

Published: 17 October 2017

NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
nvidia-graphics-drivers-173 Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected)
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-304 Launchpad, Ubuntu, Debian	artful	Not vulnerable
	trusty	Does not exist (trusty was not-affected)
	upstream	Needs triage
	xenial	Not vulnerable
	zesty	Not vulnerable
nvidia-graphics-drivers-304-updates Launchpad, Ubuntu, Debian	artful	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	zesty	Not vulnerable (superseded)
nvidia-graphics-drivers-310-updates Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-319 Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-319-updates Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-331 Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-331-updates Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-340 Launchpad, Ubuntu, Debian	artful	Not vulnerable
	trusty	Does not exist (trusty was not-affected)
	upstream	Needs triage
	xenial	Not vulnerable
	zesty	Not vulnerable
nvidia-graphics-drivers-340-updates Launchpad, Ubuntu, Debian	artful	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	zesty	Not vulnerable (superseded)
nvidia-graphics-drivers-346 Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-346-updates Launchpad, Ubuntu, Debian	artful	Does not exist
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Does not exist
	zesty	Does not exist
nvidia-graphics-drivers-352 Launchpad, Ubuntu, Debian	artful	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	zesty	Not vulnerable (superseded)
nvidia-graphics-drivers-352-updates Launchpad, Ubuntu, Debian	artful	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	zesty	Not vulnerable (superseded)
nvidia-graphics-drivers-361 Launchpad, Ubuntu, Debian	artful	Not vulnerable (superseded)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	zesty	Not vulnerable (superseded)
nvidia-graphics-drivers-367 Launchpad, Ubuntu, Debian	artful	Not vulnerable (superseded)
	trusty	Does not exist (trusty was not-affected [superseded])
	upstream	Needs triage
	xenial	Not vulnerable (superseded)
	zesty	Not vulnerable (superseded)
nvidia-graphics-drivers-375 Launchpad, Ubuntu, Debian	artful	Not vulnerable
	trusty	Does not exist (trusty was not-affected)
	upstream	Needs triage
	xenial	Not vulnerable
	zesty	Not vulnerable

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›