This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2018-991.NASLAmazon Linux AMI : nvidia (ALAS-2018-991)
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
21.0%
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. (CVE-2018-6247)
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges. (CVE-2018-6248)
NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. (CVE-2018-6249)
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs, which may lead to denial of service or possible escalation of privileges. (CVE-2018-6250)
NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution. (CVE-2018-6251)
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary for production usage, and which may result in denial of service.
(CVE-2018-6252)
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service. (CVE-2018-6253)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2018-991.
#
include("compat.inc");
if (description)
{
script_id(108852);
script_version("1.4");
script_cvs_date("Date: 2018/08/31 12:25:01");
script_cve_id("CVE-2018-6247", "CVE-2018-6248", "CVE-2018-6249", "CVE-2018-6250", "CVE-2018-6251", "CVE-2018-6252", "CVE-2018-6253");
script_xref(name:"ALAS", value:"2018-991");
script_name(english:"Amazon Linux AMI : nvidia (ALAS-2018-991)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"NVIDIA Windows GPU Display Driver contains a vulnerability in the
kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a
NULL pointer dereference may lead to denial of service or possible
escalation of privileges. (CVE-2018-6247)
NVIDIA Windows GPU Display Driver contains a vulnerability in the
kernel mode layer handler for DxgkDdiEscape where the software uses a
sequential operation to read or write a buffer, but it uses an
incorrect length value that causes it to access memory that is outside
of the bounds of the buffer which may lead to denial of service or
possible escalation of privileges. (CVE-2018-6248)
NVIDIA GPU Display Driver contains a vulnerability in kernel mode
layer handler where a NULL pointer dereference may lead to denial of
service or potential escalation of privileges. (CVE-2018-6249)
NVIDIA Windows GPU Display Driver contains a vulnerability in the
kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a
NULL pointer dereference occurs, which may lead to denial of service
or possible escalation of privileges. (CVE-2018-6250)
NVIDIA Windows GPU Display Driver contains a vulnerability in the
DirectX 10 Usermode driver, where a specially crafted pixel shader can
cause writing to unallocated memory, leading to denial of service or
potential code execution. (CVE-2018-6251)
NVIDIA Windows GPU Display Driver contains a vulnerability in the
kernel mode layer handler for DxgkDdiEscape where the software allows
an actor access to restricted functionality that is unnecessary for
production usage, and which may result in denial of service.
(CVE-2018-6252)
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and
OpenGL Usermode drivers where a specially crafted pixel shader can
cause infinite recursion leading to denial of service. (CVE-2018-6253)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2018-991.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update nvidia' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nvidia");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nvidia-dkms");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2018/04/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/06");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"nvidia-384.125-2017.09.109.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"nvidia-dkms-384.125-2017.09.109.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nvidia / nvidia-dkms");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6253
alas.aws.amazon.com/ALAS-2018-991.html
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
21.0%