ID CVE-2015-7869
Summary Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • NVIDIA GPU Driver 304.00 for VMWare ESX
    cpe:2.3:a:nvidia:gpu_driver:304.00:-:-:-:esx
  • NVIDIA GPU Driver 304.00 for FreeBSD
    cpe:2.3:a:nvidia:gpu_driver:304.00:-:-:-:freebsd
  • NVIDIA GPU Driver 304.00 for Linux Kernel
    cpe:2.3:a:nvidia:gpu_driver:304.00:-:-:-:linux_kernel
  • NVIDIA GPU Driver 304.88 for SunOS (Solaris)
    cpe:2.3:a:nvidia:gpu_driver:304.00:-:-:-:sunos
  • NVIDIA GPU Driver 304.00 for UNIX
    cpe:2.3:a:nvidia:gpu_driver:304.00:-:-:-:unix
  • NVIDIA GPU Driver 304.00 for Windows
    cpe:2.3:a:nvidia:gpu_driver:304.00:-:-:-:windows
  • NVIDIA GPU Driver 304.79
    cpe:2.3:a:nvidia:gpu_driver:304.79
  • NVIDIA GPU Driver 304.88 for VMWare ESX
    cpe:2.3:a:nvidia:gpu_driver:304.88:-:-:-:esx
  • NVIDIA GPU Driver 304.88 for FreeBSD
    cpe:2.3:a:nvidia:gpu_driver:304.88:-:-:-:freebsd
  • NVIDIA GPU Driver 304.88 for Linux Kernel
    cpe:2.3:a:nvidia:gpu_driver:304.88:-:-:-:linux_kernel
  • NVIDIA GPU Driver 304.88 for SunOS (Solaris)
    cpe:2.3:a:nvidia:gpu_driver:304.88:-:-:-:sunos
  • nVidia GPU Driver 304.123
    cpe:2.3:a:nvidia:gpu_driver:304.123
  • NVIDIA GPU Driver 340.52
    cpe:2.3:a:nvidia:gpu_driver:340.52
  • nVidia GPU Driver 340.65
    cpe:2.3:a:nvidia:gpu_driver:340.65
  • cpe:2.3:a:nvidia:gpu_driver:346.22
    cpe:2.3:a:nvidia:gpu_driver:346.22
  • nVidia GPU Driver 352.0
    cpe:2.3:a:nvidia:gpu_driver:352.0
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • NVIDIA GPU Driver 340.52
    cpe:2.3:a:nvidia:gpu_driver:340.52
  • nVidia GPU Driver 340.65
    cpe:2.3:a:nvidia:gpu_driver:340.65
  • nVidia GPU Driver 352.0
    cpe:2.3:a:nvidia:gpu_driver:352.0
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 6.6 (as of 24-08-2016 - 13:36)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE PARTIAL COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2814-1.NASL
    description It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86944
    published 2015-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86944
    title Ubuntu 12.04 LTS / 14.04 / 15.04 / 15.10 : nvidia-graphics-drivers vulnerability (USN-2814-1)
  • NASL family Windows
    NASL id NVIDIA_WIN_CVE_2015_8328.NASL
    description The version of the NVIDIA graphics driver installed on the remote Windows host is 340.x prior to 341.92, 352.x prior to 354.35, or 358.x prior to 358.87. It is, therefore, affected by multiple vulnerabilities : - A privilege escalation vulnerability exists in the Stereoscopic 3D Driver Service due to improper restriction of access to the 'stereosvrpipe' named pipe. An adjacent attacker can exploit this to execute arbitrary command line arguments, resulting in an escalation of privileges. (CVE-2015-7865) - A privilege escalation vulnerability exists due to an unquoted Windows search path issue in the Smart Maximize Helper (nvSmartMaxApp.exe). A local attacker can exploit this to escalate privileges. (CVE-2015-7866) - Multiple privilege escalation vulnerabilities exist in the NVAPI support layer due to multiple unspecified integer overflow conditions in the underlying kernel mode driver. A local attacker can exploit these issues to gain access to uninitialized or out-of-bounds memory, resulting in an escalation of privileges. (CVE-2015-7869, CVE-2015-8328)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 87412
    published 2015-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87412
    title NVIDIA Graphics Driver 340.x < 341.92 / 352.x < 354.35 / 358.x < 358.87 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id NVIDIA_UNIX_CVE_2015_7869.NASL
    description The NVIDIA graphics driver installed on the remote host is affected by a privilege escalation vulnerability in the NVAPI support layer due to multiple unspecified integer overflow conditions in the underlying kernel mode driver. A local attacker can exploit this to gain access to uninitialized or out-of-bounds memory, resulting in possible information disclosure, denial of service, or the gaining of elevated privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 87411
    published 2015-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87411
    title NVIDIA Graphics Driver NVAPI Support Layer Integer Overflow Privilege Escalation (Unix / Linux)
refmap via4
confirm http://nvidia.custhelp.com/app/answers/detail/a_id/3808/kw/security
hp HPSBHF03545
sectrack 1034176
ubuntu USN-2814-1
Last major update 25-08-2016 - 09:57
Published 24-11-2015 - 15:59
Last modified 13-02-2019 - 16:24
Back to Top