Lenovo Security Advisory: LEN-10962
Potential Impact: Privilege escalation
Scope of Impact: Industry-Wide
CVE Identifier: CVE-2016-7382, CVE-2016-7389
The NVIDIA GPU Display Driver for Linux contains two privilege escalation vulnerabilities.
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
NVIDIA GPU Display Driver on Linux contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
See the NVIDIA security advisory located here for more details.
Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo is currently qualifying the updated NVIDIA drivers across all applicable impacted products. The updated drivers will be posted to the Lenovo Support site for affected products as quality assurance testing is completed. Review the Product Impact section below for the list of product fixes. Once the driver has been qualified for the affected product, you will be able to link directly to the driver download page. You should visit this security advisory often to find links to the latest qualified driver for your product.