Lucene search

K
lenovoLenovoLENOVO:PS500335-NVIDIA-GPU-DISPLAY-DRIVER-JUNE-2020-SECURITY-BULLETIN-NOSID
HistoryJul 14, 2020 - 4:59 p.m.

NVIDIA GPU Display Driver - June 2020 Security Bulletin - Lenovo Support NL

2020-07-1416:59:43
support.lenovo.com
9

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

Lenovo Security Advisory: LEN-36925

Potential Impact: Privilege escalation, denial of service, information disclosure, code execution, tampering

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2020-5962, CVE-2020-5963, CVE-2020-5964, CVE-2020-5965, CVE-2020-5966, CVE-2020-5967, CVE-2020-5968, CVE-2020-5969, CVE-2020-5970, CVE-2020-5971, CVE-2020-5972, CVE-2020-5973

Summary Description:

NVIDIA has released a software security update for the NVIDIA GPU Display Driver and NVIDIA vGPU Software. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure.

Mitigation Strategy for Customers (what you should do to protect yourself):

NVIDIA recommends upgrading to the driver version (or newer) indicated for your model in the Product Impact section below.

Affected Products:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: <https://support.lenovo.com/us/en/solutions/ht504759&gt;

Server and Enterprise Software: <https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd&gt; and <https://datacentersupport.lenovo.com/us/en/documents/lnvo-center&gt;

Click below links to view affected products:

Desktop

Desktop All-in-One

ThinkPad

ThinkServer

ThinkStation

References:

<https://nvidia.custhelp.com/app/answers/detail/a_id/5031&gt;

Revision History:

Revision

|

Date

|

Description

β€”|β€”|β€”
7 | 2021-06-15 | Updated ThinkPad
6 | 2021-05-10 | Updated Desktop
5 | 2021-03-08 | Updated Desktop, Desktop All in One, ThinkPad, ThinkServer, ThinkStation
4 | 2021-01-12 | Updated Desktop and Desktop - All in One
3 | 2020-12-07 | Updated Desktop, Desktop - All in One, Lenovo Notebook, ThinkPad, ThinkStation
2 | 2020-08-13 | Added Affected Products list
1 | 2020-07-14 | Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an β€œas is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

Related for LENOVO:PS500335-NVIDIA-GPU-DISPLAY-DRIVER-JUNE-2020-SECURITY-BULLETIN-NOSID