Advisories ยป MGASA-2015-0407

Updated nvidia driver packages fix security vulnerability

Publication date: 25 Oct 2015
Modification date: 25 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5950

Description

A vulnerability has been found in the nvidia proprietary driver that could
be used to allow a local, non-privileged user to corrupt kernel memory.
This could be used to gain local root privileges.
A local user can issue a specially crafted IOCTL to write a 32-bit integer
value stored in the kernel driver to a user-specified memory location,
potentially in the kernel address space. The user has a limited ability
to influence the value of the integer that is written. (CVE-2015-5950)
                

References

SRPMS

5/nonfree

5/core