Updated nvidia-current & ldetect-lst packages fix security vulnerabilities
Publication date: 27 Jan 2017Modification date: 27 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7382 , CVE-2016-7389 , CVE-2016-8826
Description
This proprietary nvidia-current driver update provides an upgrade to the
new R375 long lived branch adding support for nVidia Geforce 10
(GTX10xx, Pascal) series hardware and fixes the following security
issues:
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
layer (nvidia.ko) handler where a missing permissions check may allow
users to gain access to arbitrary physical memory, leading to an
escalation of privileges (CVE-2016-7382).
NVIDIA GPU Display Driver on Linux contains a vulnerability in the
kernel mode layer (nvidia.ko) handler for mmap() where improper input
validation may allow users to gain access to arbitrary physical memory,
leading to an escalation of privileges (CVE-2016-7389).
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
layer (nvidia.ko) where a user can cause a GPU interrupt storm, leading
to a denial of service (CVE-2016-8826).
References
- https://bugs.mageia.org/show_bug.cgi?id=19994
- http://nvidia.custhelp.com/app/answers/detail/a_id/4246
- http://nvidia.custhelp.com/app/answers/detail/a_id/4278
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7382
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7389
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8826
SRPMS
5/core
- ldetect-lst-0.1.346.5-1.mga5
5/nonfree
- nvidia-current-375.26-1.mga5.nonfree