CVE-2015-3625

Severity CVSS v4.0:

Pending analysis

Type:

CWE-264 Permissions, Privileges, and Access Control

Publication date:

18/07/2015

Last modified:

12/04/2025

Description

The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R304 before 304.125 allows local users with certain permissions to read or write arbitrary kernel memory via unspecified vectors that trigger an untrusted pointer dereference.

Impact

Vector 2.0

AV:L/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

7.20

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:nvidia:gpu_driver::::::::	304 (including)	304.125 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	331 (including)	331.113 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	334 (including)	334.21 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	337 (including)	337.25 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	340 (including)	340.76 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	343 (including)	343.36 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	346 (including)	346.72 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	349 (including)	349.16 (excluding)
cpe:2.3:a:nvidia:gpu_driver::::::::	352 (including)	352.09 (excluding)
cpe:2.3:o:freebsd:freebsd::::::::

To consult the complete list of CPE names with products and versions, see this page

CVE-2015-3625

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools