7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
23.3%
Lenovo Security Advisory: LEN-10962
Potential Impact: Privilege escalation
Severity: Medium
**Scope of Impact:**Industry-Wide
CVE Identifier: CVE-2016-7382, CVE-2016-7389
Summary Description:
The NVIDIA GPU Display Driver for Linux contains two privilege escalation vulnerabilities.
CVE-2016-7382
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
CVE-2016-7389
NVIDIA GPU Display Driver on Linux contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
See the NVIDIA security advisory located here for more details.
Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo is currently qualifying the updated NVIDIA drivers across all applicable impacted products. The updated drivers will be posted to the Lenovo Support site for affected products as quality assurance testing is completed. Review the Product Impact section below for the list of product fixes. Once the driver has been qualified for the affected product, you will be able to link directly to the driver download page. You should visit this security advisory often to find links to the latest qualified driver for your product.
Product Impact:
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
23.3%