CVE-2015-5053
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
24/11/2015
Last modified:
12/04/2025
Description
The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nvidia:gpu_driver:346.16:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:346.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:346.35:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:346.47:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:346.59:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:346.72:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:346.82:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:352.09:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:352.21:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:352.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:352.41:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page