CVE-2016-7382 - For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulner

CVE-2016-7382

Summary

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.

References

Vulnerable Configurations

cpe:2.3:a:nvidia:gpu_driver:304.131:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:304.131:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:340.98:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:340.98:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:361.93.02:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:361.93.02:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:367.44:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:367.44:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:367.54:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:367.54:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:370.23:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:370.23:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:telsa_k80:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:telsa_k80:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_c2050:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_c2050:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_c2070:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_c2070:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_c2075:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_c2075:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k10:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k10:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k20:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k20:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k20x:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k20x:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k40:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k40:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k8:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k8:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k80:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_k80:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2050:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2050:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2070:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2070:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2075:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2075:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2090:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m2090:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m40:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m40:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m6:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m6:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m60:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_m60:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_p100:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_p100:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_p4:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_p4:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_p40:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:tesla_p40:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*
cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 20-01-2017 - 02:59)
Impact:
Exploitability:

CWE

CWE-275

CAPEC

Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
Using Malicious Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	94177
confirm	http://nvidia.custhelp.com/app/answers/detail/a_id/4246 http://nvidia.custhelp.com/app/answers/detail/a_id/4247 https://support.lenovo.com/us/en/solutions/LEN-10822

Last major update

20-01-2017 - 02:59

Published

08-11-2016 - 20:59

Last modified

20-01-2017 - 02:59