CVE-2016-7389

Name: CVE-2016-7389
Description: For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high (attack range: local)
Debian Bugs: 846331, 846332, 846333

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| nvidia-graphics-drivers (PTS) | wheezy/non-free | 304.131-1 | vulnerable |
| | jessie/non-free | 340.102-1 | fixed |
| | stretch/non-free | 375.82-1~deb9u1 | fixed |
| | buster/non-free | 384.111-1 | fixed |
| | sid/non-free | 384.111-3 | fixed |
| nvidia-graphics-drivers-legacy-304xx (PTS) | jessie/non-free | 304.135-1 | fixed |
| | stretch/non-free | 304.135-2 | fixed |
| | buster/non-free | 304.137-3 | fixed |
| | sid/non-free | 304.137-4 | fixed |
| nvidia-graphics-drivers-legacy-340xx (PTS) | stretch/non-free | 340.102-1 | fixed |
| | buster/non-free | 340.104-3 | fixed |
| | sid/non-free | 340.104-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| nvidia-graphics-drivers | source | (unstable) | 367.57-1 | high | | 846331 |
| nvidia-graphics-drivers | source | jessie | 340.101-1 | high | | |
| nvidia-graphics-drivers-legacy-304xx | source | (unstable) | 304.132-1 | high | | 846333 |
| nvidia-graphics-drivers-legacy-304xx | source | jessie | 304.134-0~deb8u1 | high | | |
| nvidia-graphics-drivers-legacy-340xx | source | (unstable) | 340.98-1 | high | | 846332 |

Notes

[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
http://nvidia.custhelp.com/app/answers/detail/a_id/4246
