Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03513 rev.2 - HP PCs and Workstations running Windows and Linux with NVIDIA Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege

Related Vulnerabilities: CVE-2015-5950  

Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVIDIA Graphics Driver. The vulnerabilities could be locally exploited resulting in Denial of Service (DoS) and elevation of privilege. Note: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android based NVIDIA Tegra products.

Source
Potential Security Impact:
Denial of Service (DoS), elevation of privilege

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVIDIA Graphics Driver. The vulnerabilities could be locally exploited resulting in Denial of Service (DoS) and elevation of privilege.
Note: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android based NVIDIA Tegra products.
Reference Number
  • CVE-2015-5950
  • SSRT102235
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Notebooks and Workstations
  • HP EliteBook 8740w 8740w NVIDIA video driver
  • HP EliteBook 8440w 8440w NVIDIA video driver
  • HP EliteBook 8540w 8540w NVIDIA video driver
  • HP EliteBook 8760w 8760w NVIDIA video driver
  • HP EliteBook 8560w 8560w NVIDIA video driver
  • HP EliteBook 8770w 8570w NVIDIA video driver
  • HP EliteBook 8570w 8570w NVIDIA video driver
  • HP ZBook 17 17 NVIDIA video driver
  • HP ZBook 15 15 NVIDIA video driver
  • HP Zbook 17 G2 17 G2 NVIDIA video driver
  • HP Zbook 15 G2 15 G2 NVIDIA video driver
  • HP Z1 NVIDIA video driver
  • HP Z230 NVIDIA video driver
  • HP Z420 NVIDIA video driver
  • HP Z440 NVIDIA video driver
  • HP Z620 NVIDIA video driver
  • HP Z640 NVIDIA video driver
  • HP Z820 NVIDIA video driver
  • HP Z840 NVIDIA video driver
BACKGROUND
CVSS 2.0 Base Metrics
Reference
Base Vector
Base Score
CVE-2015-5950
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
6.6
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following NVIDIA driver updates for the impacted Windows and Linux platforms running the NVIDIA Graphics Driver. To obtain updated drivers, go to the HP Software and Drivers page for your product and find the video driver from the list of available software.
note:
This security bulletin will be revised as additional product updates become available.
Linux Users Note: Download and install Linux-specific graphics drivers directly from NVIDIA download resources to address vulnerability.
  • Long Lived Branch versions 352.41 (or greater) and 346.96 (or greater).
  • Legacy Support Branches 304.128 (or greater) and 340.93 (or greater).
HP Notebooks and Workstations
O/S
Version
Softpaq
HP EliteBook 8440w
Windows 7/8/8.1
341.81
SP72938
HP EliteBook 8540w
Windows 7/8/8.1
341.81
SP72938
HP EliteBook 8560w
Windows 7/8/8.1
341.81
SP72938
HP EliteBook 8570w
Windows 7/8/8.1
354.04
SP72937
HP EliteBook 8570w
Windows 10
354.04
SP72936
HP EliteBook 8740w
Windows 7/8/8.1
341.81
SP72938
HP EliteBook 8760w
Windows 7/8/8.1
341.81
SP72938
HP EliteBook 8770w
Windows 7/8/8.1
354.04
SP72937
HP EliteBook 8770w
Windows 10
354.04
SP72936
HP ZBook 15
Windows 10
354.04
SP72936
HP ZBook 15
Windows 7/8/8.1
354.04
SP72937
HP ZBook 15 G2
Windows 7/8/8.1
354.04
SP72937
HP ZBook 15 G2
Windows 10
354.04
SP72936
HP ZBook 17
Windows 7/8/8.1
354.04
SP72937
HP ZBook 17
Windows 10
354.04
SP72936
HP ZBook 17 G2
Windows 7/8/8.1
354.04
SP72937
HP ZBook 17 G2
Windows 10
354.04
SP72936
HP Z1
See *Note
HP Z230
See *Note
HP Z420
See *Note
HP Z440
See *Note
HP Z620
See *Note
HP Z640
See *Note
HP Z820
See *Note
HP Z840
See *Note
*Note: HP will revise this security bulletin when softpaq updates are available for these products. Until available, customers can download updated NVIDIA drivers for Windows 7, 8.1 or 10.0 from nvidia.com.
...
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc_profile.
Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
PI
HP Printing and Imaging
HF
HP Hardware and Firmware
GN
HP General Software
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: hp-security-alert@hp.com
Subject: get key
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin.HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin.To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
REVISION HISTORY : Version:1 (rev.1) - 25 September 2015 Initial release; Version:2 (rev.2) - 26 July 2017 Shortened NVidia driver install process, replaced all instances of Nvidia and NVidia with NVIDIA, updated a Note tag, and updated boilerplate reuse text.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started