SB2017060217 - Ubuntu update for NVIDIA graphics drivers
Published: June 2, 2017
Security Bulletin ID
SB2017060217
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Null pointer dereference (CVE-ID: CVE-2017-0350)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer handler due to improper validation of a value passed from a user to the driver. A local attacker can provide a specially crafted value that is used in an offset calculation, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
2) Null pointer dereference (CVE-ID: CVE-2017-0351)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer handler due to improper validation of user supplied data. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
3) Privilege escalation (CVE-ID: CVE-2017-0352)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the GPU firmware due improper access control. A local attacker can run CPU software, gain access to sensitive GPU control registers and gain root privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Remediation
Install update from vendor's website.