CVE-2015-5053
CVSS V2 High 10
CVSS V3 None
Description
The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call.
Overview
- CVE ID
- CVE-2015-5053
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2015-11-24T20:59:02
- Last Modified Date
- 2015-11-25T15:58:14
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:nvidia:gpu_driver:346.16:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:346.22:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:346.35:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:346.47:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:346.59:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:346.72:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:346.82:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:352.09:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:352.21:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:352.30:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:nvidia:gpu_driver:352.41:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 10
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 10
References
| Reference URL | Reference Tags |
|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/3802 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2015-5053 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5053 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:18:45 | Added to TrackCVE | |||
| 2022-12-02 07:18:05 | 2015-11-24T20:59Z | 2015-11-24T20:59:02 | CVE Published Date | updated |
| 2022-12-02 07:18:05 | 2015-11-25T15:58:14 | CVE Modified Date | updated | |
| 2022-12-02 07:18:06 | Analyzed | Vulnerability Status | updated |