Nvidia gpu kernel driver leakage

Fault symptom:

Lenovo security announcement: LEN-5551

Potential impact: permission escalation, information disclosure risks, service breakdown, or denial of service

Severity: high

Impact scope: All Industries

Abstract description:

On July 6, March 21, 2016, NVIDIA announced three major driver vulnerabilities. Most GeForce, Quadro, and nvs nvidia products use these drivers.

CVE-2016-2556: kernel driver leakage may allow access to restricted features

Nvidia.custhelp.com/app/answers/detail/a_id/4059 "> http://nvidia.custhelp.com/app/answers/detail/a_id/4059

CVE-2016-2557: kernel driver leakage can grant memory access

Http://nvidia.custhelp.com/app/answers/detail/a_id/4060

CVE-2016-2558: kernel driver leakage allows untrusted pointers

Http://nvidia.custhelp.com/app/answers/detail/a_id/4061

More information about these vulnerabilities can be found in the NVIDIA product security website http://www.nvidia.com/object/product-security.html.

Solution:

Measures should be taken for self-protection:

Lenovo is currently authenticating all the updated NVIDIA drivers for affected products. After the Quality Assurance test is completed, the updated drivers will be released to the affected Lenovo support site. See the "product impact" section below to view the list of product fixes. After the driver of the affected product passes authentication, you can directly link to the driver download page. We recommend that you frequently access this security bulletin to find links to the latest qualified drivers for your product.

If this vulnerability puts you at an unacceptable risk level and you want to mitigate this issue before the Lenovo-certified driver is released for your product, you can visit the NVIDIA security web page (www.nvidia.com/security) to download and install the reference driver. Please note that Lenovo has not authenticated the reference driver. If you have problems installing the driver on the NVIDIA support site, contact NVIDIA directly. When Lenovo-certified drivers can be downloaded from the Lenovo support site, Lenovo recommends that you uninstall the NVIDIA reference driver and upgrade it to the Lenovo Support Site version.

Product impact:

The following products affected by this vulnerability have been fixed. The investigation into other Lenovo products is still in progress. If other fixes are released, we will update them to this announcement in time. Please check whether the announcement is updated at any time.