CVE-2016-7389

NameCVE-2016-7389
DescriptionFor the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs846331, 846332, 846333

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nvidia-graphics-drivers (PTS)jessie/non-free340.106-1fixed
stretch/non-free (security), stretch/non-free (lts), stretch/non-free390.144-1~deb9u1fixed
buster/non-free418.226.00-3fixed
bullseye/non-free470.256.02-2fixed
bookworm/non-free-firmware535.183.01-1~deb12u1fixed
trixie/non-free-firmware, sid/non-free-firmware535.216.03-1fixed
nvidia-graphics-drivers-legacy-304xx (PTS)jessie/non-free304.137-0~deb8u1fixed
stretch/non-free304.137-5~deb9u1fixed
nvidia-graphics-drivers-legacy-340xx (PTS)stretch/non-free340.108-3~deb9u1fixed
buster/non-free340.108-3~deb10u1fixed
sid/non-free340.108-23fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nvidia-graphics-driverssourcejessie340.101-1
nvidia-graphics-driverssource(unstable)367.57-1846331
nvidia-graphics-drivers-legacy-304xxsourcejessie304.134-0~deb8u1
nvidia-graphics-drivers-legacy-304xxsource(unstable)304.132-1846333
nvidia-graphics-drivers-legacy-340xxsource(unstable)340.98-1846332

Notes

[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
http://nvidia.custhelp.com/app/answers/detail/a_id/4246

Search for package or bug name: Reporting problems