Advisories » MGASA-2015-0407

Updated nvidia driver packages fix security vulnerability

Publication date: 25 Oct 2015
Modification date: 25 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5950

Description

A vulnerability has been found in the nvidia proprietary driver that could
be used to allow a local, non-privileged user to corrupt kernel memory.
This could be used to gain local root privileges.
A local user can issue a specially crafted IOCTL to write a 32-bit integer
value stored in the kernel driver to a user-specified memory location,
potentially in the kernel address space. The user has a limited ability
to influence the value of the integer that is written. (CVE-2015-5950)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16903
• http://nvidia.custhelp.com/app/answers/detail/a_id/3763/~/cve-2015-5950-memory-corruption-due-to-an-unsanitized-pointer-in-the-nvidia
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5950

SRPMS

5/core

• ldetect-lst-0.1.346.1-1.mga5

5/nonfree

• kmod-nvidia304-304.128-1.mga5.nonfree
• nvidia304-304.128-1.mga5.nonfree
• kmod-nvidia340-340.93-1.mga5.nonfree
• nvidia340-340.93-1.mga5.nonfree
• kmod-nvidia-current-346.96-1.mga5.nonfree
• nvidia-current-346.96-1.mga5.nonfree