Board logo

标题: NVIDIA Linux 显示驱动程序中包含缺失权限检查和不当验证漏洞 [打印本页]

作者: 爱国者    时间: 2017-5-11 14:54     标题: NVIDIA Linux 显示驱动程序中包含缺失权限检查和不当验证漏洞

故障现象:

Lenovo 安全公告:LEN-10962

潜在影响:权限提升

严重性

影响范围:整个行业

CVE 标识符:CVE-2016-7382,CVE-2016-7389

概要描述:

该 Linux NVIDIA Linux GPU 显示驱动程序中包含两项权限升级漏洞。

CVE-2016-7382

NVIDIA GPU 显示驱动程序的内核模式层 (nvidia.ko) 管理器中包含一个漏洞,有一项权限检查缺失,使用户可以使用任意物理内存,导致权限升级。

CVE-2016-7389

Linux 上的 NVIDIA GPU 显示驱动程序的内核模式层 (nvidia.ko) 管理器中的 mmap() 包含一个漏洞,不当的输入验证使用户可以使用任意物理内存,导致权限升级。

有关更多详情,请单击此处,查看 NVidia 安全公告。


解决方案:

您应如何保护自己:

Lenovo 目前正对所有适用的受影响产品上更新的 NVIDIA 驱动程序进行认证。质量保证测试结束后,更新的驱动程序将发布到受影响产品的 Lenovo 支持站点。请参阅以下“产品影响”部分,查看产品修复程序列表。受影响产品的驱动程序通过认证后,您将能直接链接到驱动程序下载页面。建议您经常访问此安全公告以寻找适用于您产品的最新合格驱动程序的链接。

对产品的影响:

有关详细信息,请单击相应内容。

台式机 - 不受影响

台式机 - 一体机 - 不受影响

IdeaPad- 不受影响

System x -Lenovo

System x (IBM)

ThinkPad- 不受影响

ThinkServer

ThinkStation

其他信息和参考:

http://nvidia.custhelp.com/app/answers/detail/a_id/4246

如需获取全部 Lenovo 产品安全公告完整列表,请单击此处

修订历史记录:

修订版本

日期

描述

1

04/27/2017

初始版本。

有关最新信息,请留意 Lenovo 关于您的设备和软件发布的更新和公告。本公告中提供的信息“按原样”提供,不作任何种类的任何担保或保证。Lenovo 保留随时更改或更新本公告的权利。

对产品的影响:


System x -Lenovo


产品

状态

修复漏洞所需的最低版本

更新链接

上次更新日期

Flex System x240 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

Flex System x240 M5

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

Flex System x280 X6

不受影响

Flex System x440 M4

不受影响

Flex System x480 X6

不受影响

Flex System x880

不受影响

NeXtScale nx360 M5

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3250 M6

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3500 M5

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3550 M5

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3650 M5

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3750 M4

不受影响

System x3850 X6

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3950 X6

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017


System x (IBM)


产品

状态

修复漏洞所需的最低版本

更新链接

上次更新日期

BladeCenter HS22

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

BladeCenter HS22V

不受影响

BladeCenter HS23

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

BladeCenter HS23E

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

BladeCenter HX5

不受影响

Flex System x220 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

Flex System x222 M4

不受影响

Flex System x240 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

Flex System x280

不受影响

Flex System x280 X6

不受影响

Flex System x440 M4

不受影响

Flex System x480

不受影响

Flex System x480 X6

不受影响

Flex System x880

不受影响

Flex System x880 X6

不受影响

iDataPlex dx360 M2

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

iDataPlex dx360 M3

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

iDataPlex dx360 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

iDataPlex dx360 M4 Water Cooled

不受影响

NeXtScale nx360 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3100 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3100 M5

不受影响

System x3250 M4

不受影响

System x3250 M5

不受影响

System x3300 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3500 M2

不受影响

System x3500 M3

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3500 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3530 M4

不受影响

System x3550 M2

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3550 M3

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3550 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3560 M2

不受影响

System x3560 M3

不受影响

System x3630 M3

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3630 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3650 M3

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3650 M4

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3650 M4 BD

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3650 M4 HD

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3690 X5

不受影响

System x3750 M4

不受影响

System x3850 X5

不受影响

System x3850 X6

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017

System x3950 X5

不受影响

System x3950 X6

受影响

375.39

http://support.lenovo.com/downloads/DS121339

4/27/2017


ThinkServer


产品

状态

修复漏洞所需的最低版本

更新链接

上次更新日期

ThinkServer RD340

不受影响

4/27/2017

ThinkServer RD350

不受影响

4/27/2017

ThinkServer RD440

不受影响

4/27/2017

ThinkServer RD450

不受影响

4/27/2017

ThinkServer RD540

不受影响

4/27/2017

ThinkServer RD550

不受影响

4/27/2017

ThinkServer RD640

不受影响

4/27/2017

ThinkServer RD650

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017

ThinkServer RQ750

受影响

375.39

点击此处更新

4/27/2017

ThinkServer RQ940

不受影响

4/27/2017

ThinkServer RS140

不受影响

4/27/2017

ThinkServer RS160

不受影响

4/27/2017

ThinkServer TD340

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017

ThinkServer TD350

不受影响

4/27/2017

ThinkServer TS140

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017

ThinkServer TS150

不受影响

4/27/2017

ThinkServer TS240

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017

ThinkServer TS250

不受影响

4/27/2017

ThinkServer TS440

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017

ThinkServer TS450

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017

ThinkServer TS540

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017

ThinkServer TS550

受影响

375.39

https://pcsupport.lenovo.com/olddownloads/DS104457

4/27/2017


ThinkStation


产品

状态

修复漏洞所需的最低版本

更新链接

上次更新日期

ThinkStation C30(1095-1096-1097 型)

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation C30(1136-1137 型)

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation D30(4223-4228-4229 型)

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation D30(4353-4354 型)

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation E31

不受影响

4/27/2017

ThinkStation E32

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P300

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P310

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P410

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P500

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P510

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P700

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P710

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P900

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation P910

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation S30(0567-0568-0569-0606 型)

受影响

367.57

http://support.lenovo.com/downloads/DS101096

4/27/2017

ThinkStation S30(4351-4352 型)

受影响

367.57

http://support.lenovo.co






欢迎光临 合肥本本之星 合肥Thinkpad专卖店 合肥Apple专卖店 hfthink 合肥本之星信息科技有限公司 (http://hfthink.net/) Powered by Discuz! 7.2