NVIDIA Linux GPU 显示驱动程序中包含缺失权限检查和不当验证漏洞-联想知识库

联想服务 Think服务大客户服务联想官网

NVIDIA Linux GPU 显示驱动程序中包含缺失权限检查和不当验证漏洞

小新系列2017-05-09知识编号：157981

催更新

故障现象:

Lenovo 安全公告：LEN-10962

潜在影响：权限提升

严重性：中

影响范围：整个行业

CVE 标识符：CVE-2016-7382，CVE-2016-7389

概要描述：

该 Linux NVIDIA Linux GPU 显示驱动程序中包含两项权限升级漏洞。

CVE-2016-7382

NVIDIA GPU 显示驱动程序的内核模式层（nvidia.ko）管理器中包含一个漏洞，有一项权限检查缺失，使用户可以使用任意物理内存，导致权限升级。

CVE-2016-7389

Linux 上的 NVIDIA GPU 显示驱动程序的内核模式层（nvidia.ko）管理器中的 mmap（）包含一个漏洞，不当的输入验证使用户可以使用任意物理内存，导致权限升级。

有关更多详情，请单击此处，查看 NVidia 安全公告。

解决方案:

您应如何保护自己：

Lenovo 目前正对所有适用的受影响产品上更新的 NVIDIA 驱动程序进行认证。质量保证测试结束后，更新的驱动程序将发布到受影响产品的 Lenovo 支持站点。请参阅以下“产品影响”部分，查看产品修复程序列表。受影响产品的驱动程序通过认证后，您将能直接链接到驱动程序下载页面。建议您经常访问此安全公告以寻找适用于您产品的最新合格驱动程序的链接。

对产品的影响：

有关详细信息，请单击相应内容。

台式机 - 不受影响

台式机 - 一体机 - 不受影响

IdeaPad- 不受影响

System x -Lenovo

System x （IBM）

ThinkPad- 不受影响

ThinkServer

ThinkStation

其他信息和参考：

https://nvidia.custhelp.com/app/answers/detail/a_id/4246

如需获取全部 Lenovo 产品安全公告完整列表，请单击此处。

修订历史记录：

修订版本	日期	描述
1	04/27/2017	初始版本。

有关最新信息，请留意 Lenovo 关于您的设备和软件发布的更新和公告。本公告中提供的信息“按原样”提供，不作任何种类的任何担保或保证。Lenovo 保留随时更改或更新本公告的权利。

对产品的影响：

System x -Lenovo

产品	状态	修复漏洞所需的最低版本	更新链接	上次更新日期
Flex System x240 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
Flex System x240 M5	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
Flex System x280 X6	不受影响
Flex System x440 M4	不受影响
Flex System x480 X6	不受影响
Flex System x880	不受影响
NeXtScale nx360 M5	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3250 M6	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3500 M5	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3550 M5	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3650 M5	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3750 M4	不受影响
System x3850 X6	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3950 X6	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017

System x （IBM）

产品	状态	修复漏洞所需的最低版本	更新链接	上次更新日期
BladeCenter HS22	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
BladeCenter HS22V	不受影响		‐
BladeCenter HS23	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
BladeCenter HS23E	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
BladeCenter HX5	不受影响		‐
Flex System x220 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
Flex System x222 M4	不受影响		‐
Flex System x240 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
Flex System x280	不受影响		‐
Flex System x280 X6	不受影响
Flex System x440 M4	不受影响
Flex System x480	不受影响
Flex System x480 X6	不受影响
Flex System x880	不受影响
Flex System x880 X6	不受影响
iDataPlex dx360 M2	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
iDataPlex dx360 M3	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
iDataPlex dx360 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
iDataPlex dx360 M4 Water Cooled	不受影响
NeXtScale nx360 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3100 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3100 M5	不受影响
System x3250 M4	不受影响
System x3250 M5	不受影响
System x3300 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3500 M2	不受影响		‐
System x3500 M3	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3500 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3530 M4	不受影响
System x3550 M2	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3550 M3	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3550 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3560 M2	不受影响
System x3560 M3	不受影响
System x3630 M3	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3630 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3650 M3	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3650 M4	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3650 M4 BD	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3650 M4 HD	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3690 X5	不受影响
System x3750 M4	不受影响
System x3850 X5	不受影响
System x3850 X6	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017
System x3950 X5	不受影响		‐
System x3950 X6	受影响	375.39	https://support.lenovo.com/downloads/DS121339	4/27/2017

ThinkServer

产品	状态	修复漏洞所需的最低版本	更新链接	上次更新日期
ThinkServer RD340	不受影响			4/27/2017
ThinkServer RD350	不受影响			4/27/2017
ThinkServer RD440	不受影响			4/27/2017
ThinkServer RD450	不受影响			4/27/2017
ThinkServer RD540	不受影响			4/27/2017
ThinkServer RD550	不受影响			4/27/2017
ThinkServer RD640	不受影响			4/27/2017
ThinkServer RD650	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017
ThinkServer RQ750	受影响	375.39	点击此处更新	4/27/2017
ThinkServer RQ940	不受影响			4/27/2017
ThinkServer RS140	不受影响			4/27/2017
ThinkServer RS160	不受影响			4/27/2017
ThinkServer TD340	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017
ThinkServer TD350	不受影响			4/27/2017
ThinkServer TS140	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017
ThinkServer TS150	不受影响			4/27/2017
ThinkServer TS240	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017
ThinkServer TS250	不受影响			4/27/2017
ThinkServer TS440	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017
ThinkServer TS450	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017
ThinkServer TS540	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017
ThinkServer TS550	受影响	375.39	https://pcsupport.lenovo.com/olddownloads/DS104457	4/27/2017

ThinkStation

产品	状态	修复漏洞所需的最低版本	更新链接	上次更新日期
ThinkStation C30（1095-1096-1097 型）	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation C30（1136-1137 型）	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation D30（4223-4228-4229 型）	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation D30（4353-4354 型）	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation E31	不受影响			4/27/2017
ThinkStation E32	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P300	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P310	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P410	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P500	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P510	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P700	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P710	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P900	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation P910	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation S30（0567-0568-0569-0606 型）	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017
ThinkStation S30（4351-4352 型）	受影响	367.57	https://support.lenovo.com/downloads/DS101096	4/27/2017 <

知识有用，就点一下~

收藏 :

鐢ㄦ埛娉ㄥ唽鍗忚鍙婇殣绉佹斂绛�

鎵弿鎴愬姛!

浜岀淮鐮佸凡澶辨晥