Nvidia gpu kernel driver leakage

Source: Internet
Author: User
Tags cve nvidia support lenovo

Fault symptom:

Lenovo security announcement: LEN-5551

Potential impact: permission escalation, information disclosure risks, service breakdown, or denial of service

Severity: high

Impact scope: All Industries

Abstract description:

On July 6, March 21, 2016, NVIDIA announced three major driver vulnerabilities. Most GeForce, Quadro, and nvs nvidia products use these drivers.

CVE-2016-2556: kernel driver leakage may allow access to restricted features

Nvidia.custhelp.com/app/answers/detail/a_id/4059 "> http://nvidia.custhelp.com/app/answers/detail/a_id/4059

CVE-2016-2557: kernel driver leakage can grant memory access

Http://nvidia.custhelp.com/app/answers/detail/a_id/4060

CVE-2016-2558: kernel driver leakage allows untrusted pointers

Http://nvidia.custhelp.com/app/answers/detail/a_id/4061

More information about these vulnerabilities can be found in the NVIDIA product security website http://www.nvidia.com/object/product-security.html.

Solution:

Measures should be taken for self-protection:

Lenovo is currently authenticating all the updated NVIDIA drivers for affected products. After the Quality Assurance test is completed, the updated drivers will be released to the affected Lenovo support site. See the "product impact" section below to view the list of product fixes. After the driver of the affected product passes authentication, you can directly link to the driver download page. We recommend that you frequently access this security bulletin to find links to the latest qualified drivers for your product.

If this vulnerability puts you at an unacceptable risk level and you want to mitigate this issue before the Lenovo-certified driver is released for your product, you can visit the NVIDIA security web page (www.nvidia.com/security) to download and install the reference driver. Please note that Lenovo has not authenticated the reference driver. If you have problems installing the driver on the NVIDIA support site, contact NVIDIA directly. When Lenovo-certified drivers can be downloaded from the Lenovo support site, Lenovo recommends that you uninstall the NVIDIA reference driver and upgrade it to the Lenovo Support Site version.

Product impact:

The following products affected by this vulnerability have been fixed. The investigation into other Lenovo products is still in progress. If other fixes are released, we will update them to this announcement in time. Please check whether the announcement is updated at any time.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.