SB2017060217 - Ubuntu update for NVIDIA graphics drivers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017060217

SB2017060217 - Ubuntu update for NVIDIA graphics drivers

Published: June 2, 2017

Security Bulletin ID SB2017060217
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 vulnerabilities.


1) Null pointer dereference (CVE-ID: CVE-2017-0350)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.

The weakness exists in the kernel mode layer handler due to improper validation of a value passed from a user to the driver. A local attacker can provide a specially crafted value that is used in an offset calculation, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.

Successful exploitation of the vulnerability may result in full access to the system.

2) Null pointer dereference (CVE-ID: CVE-2017-0351)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.

The weakness exists in the kernel mode layer handler due to improper validation of user supplied data. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.

Successful exploitation of the vulnerability may result in full access to the system.

3) Privilege escalation (CVE-ID: CVE-2017-0352)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the GPU firmware due improper access control. A local attacker can run CPU software, gain access to sensitive GPU control registers and gain root privileges.

Successful exploitation of the vulnerability may result in full access to the system.

Remediation

Install update from vendor's website.

References