Fault symptom:
Lenovo security announcement: LEN-5551
Potential impact: permission escalation, information disclosure risks, service breakdown, or denial of service
Severity: high
Impact scope: All Industries
Abstract description:
On July 6, March 21, 2016, NVIDIA announced three major driver vulnerabilities. Most GeForce, Quadro, and nvs nvidia products use these drivers.
CVE-2016-2556: kernel driver leakage may allow access to restricted features
Nvidia.custhelp.com/app/answers/detail/a_id/4059 "> http://nvidia.custhelp.com/app/answers/detail/a_id/4059
CVE-2016-2557: kernel driver leakage can grant memory access
Http://nvidia.custhelp.com/app/answers/detail/a_id/4060
CVE-2016-2558: kernel driver leakage allows untrusted pointers
Http://nvidia.custhelp.com/app/answers/detail/a_id/4061
More information about these vulnerabilities can be found in the NVIDIA product security website http://www.nvidia.com/object/product-security.html.
Solution:
Measures should be taken for self-protection:
Lenovo is currently authenticating all the updated NVIDIA drivers for affected products. After the Quality Assurance test is completed, the updated drivers will be released to the affected Lenovo support site. See the "product impact" section below to view the list of product fixes. After the driver of the affected product passes authentication, you can directly link to the driver download page. We recommend that you frequently access this security bulletin to find links to the latest qualified drivers for your product.
If this vulnerability puts you at an unacceptable risk level and you want to mitigate this issue before the Lenovo-certified driver is released for your product, you can visit the NVIDIA security web page (www.nvidia.com/security) to download and install the reference driver. Please note that Lenovo has not authenticated the reference driver. If you have problems installing the driver on the NVIDIA support site, contact NVIDIA directly. When Lenovo-certified drivers can be downloaded from the Lenovo support site, Lenovo recommends that you uninstall the NVIDIA reference driver and upgrade it to the Lenovo Support Site version.
Product impact:
The following products affected by this vulnerability have been fixed. The investigation into other Lenovo products is still in progress. If other fixes are released, we will update them to this announcement in time. Please check whether the announcement is updated at any time.