CVE-2016-7389
HIGHNVIDIA GPU Display Driver < 304.132, < 340.98, < 367.55, < 361.93.03, < 370.28 - Privilege Escalation via mmap() Handler
Title source: llmDescription
For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94177
Patch, Vendor Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4246
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (6)
n/a/Quadro, NVS, GeForce, and Tesla (all versions)
Quadro, NVS, GeForce, and Tesla (all versions)
nvidia/gpu_driver
304.79
nvidia/gpu_driver
340.52
nvidia/gpu_driver
361.91
nvidia/gpu_driver
365.19
nvidia/gpu_driver
368.81
Published
Nov 08, 2016
Tracked Since
Feb 18, 2026