Lenovo Security Advisory: LEN-5551
Potential Impact: Privilege escalation, potential information disclosure, crashes or denial of service
**Severity:**High
Scope of Impact: Industry-Wide
Summary Description:
On March 21, 2016, NVIDIA announced three high-severity driver vulnerabilities. These drivers are used in most GeForce, Quadro and NVS NVIDIA products.
CVE-2016-2556: Kernel driver escape can allow access to restricted functionality
<http://nvidia.custhelp.com/app/answers/detail/a_id/4059>
CVE-2016-2557: Kernel driver escape privileged memory access
<http://nvidia.custhelp.com/app/answers/detail/a_id/4060>
CVE-2016-2558: Kernel driver escape allows untrusted pointer
<http://nvidia.custhelp.com/app/answers/detail/a_id/4061>
More information about these vulnerabilities can be found on NVIDIAβs product security website <http://www.nvidia.com/object/product-security.html>.
Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo is currently qualifying the updated NVIDIA drivers across all applicable impacted products. The updated drivers will be posted to the Lenovo Support site for affected products as quality assurance testing is completed. Review the Product Impact section below for the list of product fixes. Once the driver has been qualified for the affected product, you will be able to link directly to the driver download page. You should visit this security advisory often to find links to the latest qualified driver for your product.
If this vulnerability puts you at an unacceptable level of risk and you want to mitigate before the Lenovo-certified driver is available for your product, you can visit the NVIDIA security webpage (www.nvidia.com/security) to download and install the reference driver. Please be aware that the reference driver has not been qualified by Lenovo. If you experience problems as a result of installing the driver from the NVIDIA support site, please contact NVIDIA directly. When the Lenovo-certified driver is available for download from the Lenovo Support site, Lenovo recommends that you uninstall the NVIDIA reference driver, and upgrade to the Lenovo Support site version.
Product Impact: