CVE-2015-5053

Name of the Vulnerable Software and Affected Versions NVIDIA GPU graphics driver versions prior to 346.87 NVIDIA GPU graphics driver versions prior to 352.41 for Linux NVIDIA GPU graphics driver versions prior to 352.46 for GRID vGPU and vSGA

Description The issue is related to inadequate access control in the NVIDIA GPU graphics driver, which can be exploited by a remote attacker to gain privileges or cause a denial of service. The host memory mapping path feature does not properly restrict access to third-party device IO memory, allowing attackers to have an impact via unknown vectors related to the follow pfn kernel-mode API call.

Recommendations For versions prior to 346.87, update to version 346.87 or later to resolve the issue. For versions prior to 352.41 for Linux, update to version 352.41 or later to resolve the issue. For versions prior to 352.46 for GRID vGPU and vSGA, update to version 352.46 or later to resolve the issue. As a temporary workaround, consider restricting access to the follow pfn kernel-mode API call to minimize the risk of exploitation.