Improper Resource Shutdown or Release Affecting nvidia-graphics-drivers-legacy-390xx package, versions <390.144-1~deb10u1


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment

    Threat Intelligence

    EPSS
    0.04% (14th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN10-NVIDIAGRAPHICSDRIVERSLEGACY390XX-1322687
  • published 22 Jul 2021
  • disclosed 22 Jul 2021

How to fix?

Upgrade Debian:10 nvidia-graphics-drivers-legacy-390xx to version 390.144-1~deb10u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream nvidia-graphics-drivers-legacy-390xx package and not the nvidia-graphics-drivers-legacy-390xx package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.

CVSS Scores

version 3.1
Expand this section

NVD

5.5 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High