| Vulnerability Name: | CVE-2016-7389 (CCN-118805) |
| Assigned: | 2016-11-02 |
| Published: | 2016-11-02 |
| Updated: | 2016-11-28 |
| Summary: | For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
|
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Changed
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-264
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2016-7389
Source: CONFIRM
Type: Patch, Vendor Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4246
Source: CCN
Type: NVIDIA Security Bulletin 4246
NVIDIA Linux GPU Display Driver contains missing permissions check and improper validation vulnerabilities (CVE-2016-7382, CVE-2016-7389)
Source: BID
Type: UNKNOWN
94177
Source: CCN
Type: BID-94177
Multiple NVIDIA Products Multiple Local Privilege Escalation Vulnerabilities
Source: XF
Type: UNKNOWN
nvidia-cve20167389-priv-esc(118805)
Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-7389
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:nvidia:gpu_driver:304.79:*:*:*:*:*:*:*OR cpe:/a:nvidia:gpu_driver:340.52:*:*:*:*:*:*:*OR cpe:/a:nvidia:gpu_driver:361.91:*:*:*:*:*:*:*OR cpe:/a:nvidia:gpu_driver:365.19:*:*:*:*:*:*:*OR cpe:/a:nvidia:gpu_driver:368.81:*:*:*:*:*:*:*AND cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:nvidia:quadro_k420:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:geforce_910m:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:geforce_920m:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:geforce_930m:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:geforce_940m:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:nvs_310:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:nvs_315:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:nvs_510:-:*:*:*:*:*:*:*OR cpe:/h:nvidia:nvs_810:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |