Updated nvidia304 and nvidia340 packages fix security vulnerabilities
Publication date: 09 Jan 2017Modification date: 09 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7382 , CVE-2016-7389 , CVE-2016-8826
Description
This proprietary nvidia340 and nvidia304 driver update fixes the
following security issues:
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
layer (nvidia.ko) handler where a missing permissions check may allow
users to gain access to arbitrary physical memory, leading to an
escalation of privileges (CVE-2016-7382).
NVIDIA GPU Display Driver on Linux contains a vulnerability in the
kernel mode layer (nvidia.ko) handler for mmap() where improper input
validation may allow users to gain access to arbitrary physical memory,
leading to an escalation of privileges (CVE-2016-7389).
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
layer (nvidia.ko) where a user can cause a GPU interrupt storm, leading
to a denial of service (CVE-2016-8826).
References
- https://bugs.mageia.org/show_bug.cgi?id=19993
- http://nvidia.custhelp.com/app/answers/detail/a_id/4246
- http://nvidia.custhelp.com/app/answers/detail/a_id/4278
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7382
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7389
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8826
SRPMS
5/nonfree
- nvidia304-304.134-1.mga5.nonfree
- nvidia340-340.101-1.mga5.nonfree