CVE-2016-7389

NameCVE-2016-7389
DescriptionFor the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs846331, 846332, 846333

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nvidia-graphics-drivers (PTS)bullseye/non-free470.256.02-2fixed
bookworm/non-free-firmware535.183.01-1~deb12u1fixed
trixie/non-free-firmware, sid/non-free-firmware535.183.06-2fixed
nvidia-graphics-drivers-legacy-340xx (PTS)sid/non-free340.108-22fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nvidia-graphics-driverssourcejessie340.101-1
nvidia-graphics-driverssource(unstable)367.57-1846331
nvidia-graphics-drivers-legacy-304xxsourcejessie304.134-0~deb8u1
nvidia-graphics-drivers-legacy-304xxsource(unstable)304.132-1846333
nvidia-graphics-drivers-legacy-340xxsource(unstable)340.98-1846332

Notes

[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
http://nvidia.custhelp.com/app/answers/detail/a_id/4246

Search for package or bug name: Reporting problems