CVE-2015-5950: Buffer Overflow
First published: Tue Sep 29 2015(Updated: )
The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA GPU kernel driver | <=352.30 | |
| Nvidia GPU Driver | <=352.09 | |
| Nvidia GPU Driver | =304.108 | |
| Nvidia GPU Driver | =304.119 | |
| Nvidia GPU Driver | =304.121 | |
| Nvidia GPU Driver | =304.123 | |
| Nvidia GPU Driver | =304.125 | |
| Nvidia GPU Driver | =352.21 | |
| Nvidia GPU Driver | =352.30 | |
| Nvidia GPU Driver | <=352.86 | |
| Nvidia GPU Driver | =340.43 | |
| Nvidia GPU Driver | =340.52 | |
| Nvidia GPU Driver | =341.44 | |
| Nvidia GPU Driver | =353.06 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://nvidia.custhelp.com/app/answers/detail/a_id/3763/~/cve-2015-5950-memory-corruption-due-to-an-unsanitized-pointer-in-the-nvidia
- http://www.securitytracker.com/id/1033662
- http://www.ubuntu.com/usn/USN-2747-1
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468
- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04815468
- https://support.lenovo.com/us/en/product_security/len_3313
Frequently Asked Questions
What is the severity of CVE-2015-5950?
The severity of CVE-2015-5950 is classified as high due to the potential exploitation allowing local users to gain elevated privileges.
How do I fix CVE-2015-5950?
To fix CVE-2015-5950, update to the latest NVIDIA GPU display driver versions specified in the vulnerability report.
Which NVIDIA GPU display driver versions are affected by CVE-2015-5950?
CVE-2015-5950 affects NVIDIA GPU display driver versions R352 before 353.82 and R340 before 341.81 on Windows, along with specific versions on Linux.
What operating systems are impacted by CVE-2015-5950?
CVE-2015-5950 impacts Windows and Linux operating systems that use vulnerable NVIDIA GPU display drivers.
Are there any workarounds for CVE-2015-5950?
There are no specific workarounds for CVE-2015-5950, so it is recommended to update drivers as the primary mitigation.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nvidia
- canonical/nvidia gpu kernel driver
- version/nvidia gpu kernel driver/352.30
- canonical/nvidia gpu driver
- version/nvidia gpu driver/352.09
- version/nvidia gpu driver/304.108
- version/nvidia gpu driver/304.119
- version/nvidia gpu driver/304.121
- version/nvidia gpu driver/304.123
- version/nvidia gpu driver/304.125
- version/nvidia gpu driver/352.21
- version/nvidia gpu driver/352.30
- version/nvidia gpu driver/352.86
- version/nvidia gpu driver/340.43
- version/nvidia gpu driver/340.52
- version/nvidia gpu driver/341.44
- version/nvidia gpu driver/353.06
- vendor/microsoft
- canonical/microsoft windows operating system