CVE-2015-7869: Integer Overflow
First published: Tue Nov 24 2015(Updated: )
Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Ubuntu | =15.10 | |
| Nvidia GPU Driver | >=304<304.131 | |
| Nvidia GPU Driver | >=340<340.96 | |
| Nvidia GPU Driver | >=352<352.63 | |
| Nvidia GPU Driver | >=358<358.16 | |
| Nvidia GPU Driver | =346.22 | |
| Linux Kernel | ||
| Nvidia GPU Driver | >=340<341.96 | |
| Nvidia GPU Driver | >=352<354.35 | |
| Nvidia GPU Driver | >=358<358.87 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7869?
CVE-2015-7869 has a medium severity rating, allowing local users to exploit integer overflows to obtain sensitive information.
How do I fix CVE-2015-7869?
To fix CVE-2015-7869, update the NVIDIA GPU graphics driver to versions 341.92 or later for R340, 354.35 or later for R352, and 358.87 or later for R358 on Windows, or to versions 304.131, 340.96, 352.63, or 358.16 or later on Linux.
What systems are affected by CVE-2015-7869?
CVE-2015-7869 affects multiple NVIDIA GPU driver versions and specific Ubuntu Linux versions including 12.04, 14.04, 15.04, and 15.10.
What are the potential impacts of CVE-2015-7869?
Exploitation of CVE-2015-7869 could allow local users to gain access to sensitive information on the affected systems.
How can I determine if my NVIDIA driver is vulnerable to CVE-2015-7869?
To determine if your NVIDIA driver is vulnerable to CVE-2015-7869, check the driver version against the specified vulnerable versions in the advisory.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/15.04
- version/ubuntu linux/15.10
- vendor/nvidia
- canonical/nvidia gpu driver r304
- version/nvidia gpu driver r304/304
- version/nvidia gpu driver r304/340
- version/nvidia gpu driver r304/352
- version/nvidia gpu driver r304/358
- version/nvidia gpu driver r304/346.22
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows