Security Bulletin: NVIDIA GPU display driver contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities and CVSS risk assessments. CVE-2017-6251 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical...

virglrenderer: Multiple vulnerabilities

Background A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering. Description Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details. Impact A local attacker could cau...

Linux Kernel 'virtio_gpu_object_create' Function Denial of Service Vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'virtiogpuobjectcreate' function in the drivers/gpu/drm/virtio/virtgpuobject.c file in Linux kernel 4.11.8 and earlier. An...

CVE-2017-10810

Memory leak in the virtiogpuobjectcreate function in drivers/gpu/drm/virtio/virtgpuobject.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service memory consumption by triggering object-initialization failures...

CVE-2017-10810

CVE-2017-10810: Linux kernel memory leak in virtio_gpu_object_create (drivers/gpu/drm/virtio/virtgpu_object.c) up to 4.11.8 can cause memory exhaustion and denial of service when object initialisation fails. Connected Nessus advisories (Unity Linux UTSA-2026-002867/002763/000604) reproduce the sa...

UBUNTU-CVE-2017-10810

Memory leak in the virtiogpuobjectcreate function in drivers/gpu/drm/virtio/virtgpuobject.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service memory consumption by triggering object-initialization failures...

The vulnerability of the Qualcomm GPU operating system driver for Android allows a hacker to execute arbitrary code.

The vulnerability of the Qualcomm GPU operating system for Android is related to deficiencies in access control. It is necessary to gain access to privileged processes and modify the current platform configuration. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Qualcomm GPU operating system for Linux, allowing a hacker to execute arbitrary code

The vulnerability of the Common Internet Filesystem microprogramming system in Cisco Adaptive Security Appliances arises from insufficient validation of input data and the execution of operations outside the buffer in dynamic memory. Exploiting this vulnerability allows a malicious actor to perfo...

NVIDIA Windows GPU Driver Privilege Escalation or Denial of Service - us

Lenovo Security Advisory: LEN-12057 Potential Impact: Denial of service and escalation of privileges Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-8821, CVE-2016-8822, CVE-2016-8823, CVE-2016-8824, CVE-2016-8825, CVE-2016-8826, CVE-2016-3161, CVE-2016-5852, CVE-2016-4960,...

NVIDIA Windows GPU Driver Privilege Escalation or Denial of Service - Lenovo Support US

No description provided...

QEMU virtio_gpu_set_scanout function denial of service vulnerability

QEMU aka Quick Emulator is a suite of analog processor software developed by French programmer Fabrice Bellard. QEMU suffers from a denial of service vulnerability in the virtiogpusetscanout function in hw/display/virtio-gpu.c. The vulnerability allows a local OS user to pass a large number of...

CVE-2017-9060

Memory leak in the virtiogpusetscanout function in hw/display/virtio-gpu.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service memory consumption via a large number of "VIRTIOGPUCMDSETSCANOUT:" commands...

DEBIAN-CVE-2017-9060

Memory leak in the virtiogpusetscanout function in hw/display/virtio-gpu.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service memory consumption via a large number of "VIRTIOGPUCMDSETSCANOUT:" commands...

CVE-2017-9060

Memory leak in the virtiogpusetscanout function in hw/display/virtio-gpu.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service memory consumption via a large number of "VIRTIOGPUCMDSETSCANOUT:" commands...

CVE-2017-9060

Memory leak in the virtiogpusetscanout function in hw/display/virtio-gpu.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service memory consumption via a large number of "VIRTIOGPUCMDSETSCANOUT:" commands...

Huawei P7 GPU Driver Elevation of Privilege Vulnerability

Huawei P7 is a smartphone from the Chinese company Huawei.GPU driver is a graphics processor driver used in... An elevation of privilege vulnerability exists in the GPU driver in the Huawei P7, where the GPU fails to adequately validate the legitimacy of incoming parameters. A local attacker can...

FreeBSD : NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler (f52e3a8d-3f7e-11e7-97a9-a0d3c19bfa21)

NVIDIA Unix security team reports : NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where not correctly validated user input, NULL pointer dereference, and incorrect access control may lead to denial of service or potential escalation of privileges. %NASLMINLEV...

CVE-2015-8089

The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service system crash or gain privileges via a...

CVE-2015-8089

The CVE-2015-8089 issue affects Huawei P7 devices (P7-L00/L05/L09) with specific firmware builds prior to P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851. The root cause is a GPU driver input validation failure that allows local attackers to read or write arbitrary kernel memory, enabling either ...

MacOS Insecure Swap File Vulnerability

It turns out that even with SIP enabled a regular root user can write to the swapfile under /private/var/vm/swapfile0 on MacOS. MacOS uses an insecure swap file CVE-2017-2494 This came out of a discussion with Jann Horn this afternoon; credit is his. It turns out that even with SIP enabled a...