CVE-2016-7389

CWE-2646 documents6 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia GPU Driver

Timeline

PublishedNov 8

Latest updateMay 17

Description

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiannvidia-graphics-drivers< 367.57-1+3

▶NVDnvidia/gpu_driver5 versions+4

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-x5xm-6fpv-xpgq: For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304↗2022-05-17

▶

CVEList

CVE-2016-7389: For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304↗2016-11-08

▶

OSV

CVE-2016-7389: For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304↗2016-11-08

▶

📋Vendor Advisories

Ubuntu

NVIDIA graphics drivers vulnerabilities↗2016-11-03

▶

Debian

CVE-2016-7389: nvidia-graphics-drivers - For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driv...↗2016

▶