svn commit: r441511 - head/security/vuxml

Alexey Dokuchaev danfe at FreeBSD.org
Tue May 23 09:18:06 UTC 2017 

Author: danfe
Date: Tue May 23 09:18:04 2017
New Revision: 441511
URL: https://svnweb.freebsd.org/changeset/ports/441511

Log:
  Document another round of multiple vulnerabilities found in the kernel
  mode layer handler of nVidia GPU display driver.
  
  Security:	CVE-2017-0350, CVE-2017-0351, CVE-2017-0352
  PR:		219465
  Submitted by:	Andrew Marks

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue May 23 09:00:35 2017	(r441510)
+++ head/security/vuxml/vuln.xml	Tue May 23 09:18:04 2017	(r441511)
@@ -58,6 +58,38 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="f52e3a8d-3f7e-11e7-97a9-a0d3c19bfa21">
+    <topic>NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler</topic>
+    <affects>
+      <package>
+	<name>nvidia-driver</name>
+	<range><lt>375.66</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>NVIDIA Unix security team reports:</p>
+	<blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/4462">
+	  <p>NVIDIA GPU Display Driver contains vulnerabilities in the
+	    kernel mode layer handler where not correctly validated user
+	    input, NULL pointer dereference, and incorrect access control
+	    may lead to denial of service or potential escalation of
+	    privileges.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2017-0350</cvename>
+      <cvename>CVE-2017-0351</cvename>
+      <cvename>CVE-2017-0352</cvename>
+      <url>http://nvidia.custhelp.com/app/answers/detail/a_id/4462</url>
+    </references>
+    <dates>
+      <discovery>2017-05-15</discovery>
+      <entry>2017-05-23</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="da1d5d2e-3eca-11e7-8861-0018fe623f2b">
     <topic>miniupnpc -- integer signedness error</topic>
     <affects>

More information about the svn-ports-all mailing list