Bug 632138 (CVE-2017-6266, CVE-2017-6267, CVE-2017-6272) - x11-drivers/nvidia-drivers CVE-2017-6266 CVE-2017-6267 CVE-2017-6272
Summary: x11-drivers/nvidia-drivers CVE-2017-6266 CVE-2017-6267 CVE-2017-6272
Alias: CVE-2017-6266, CVE-2017-6267, CVE-2017-6272
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [noglsa cve]
Reported: 2017-09-27 12:08 UTC by Jeroen Roovers
Modified: 2020-06-27 19:41 UTC
Description Jeroen Roovers gentoo-dev 2017-09-27 12:08:24 UTC
Comment 1 D'juan McDonald (domhnall) 2017-11-09 02:52:55 UTC
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

@maintainer(s) fixed version `=375.88`, in tree version `375.82`. Please confirm if CVE-2017-6272 was addressed in Gentoo's branch of R375 or not.

Gentoo Security Padawan
Comment 2 John Helmert III (ajak) 2020-06-13 18:45:20 UTC
Maintainer(s): Ping. Looks like the only vulnerable version in the tree is 340.108 based on [1]. Do we need to keep it? If so, maybe it needs to be masked?

Comment 3 John Helmert III (ajak) 2020-06-13 19:58:19 UTC
Looks like the only last vulnerable versions we had on the 384 branch were removed in b40400b5ec0252bee0915be28ba1b294de479972 in September of 2017:

commit b40400b5ec0252bee0915be28ba1b294de479972
Author: Jeroen Roovers <>
Date:   Wed Sep 27 18:25:41 2017 +0200

    x11-drivers/nvidia-drivers: Old.

    Package-Manager: Portage-2.3.10, Repoman-2.3.3

 delete mode 100644 x11-drivers/nvidia-drivers/nvidia-drivers-384.59-r1.ebuild
 delete mode 100644 x11-drivers/nvidia-drivers/nvidia-drivers-384.69.ebuild

And the same for the 375 branch ebuilds, cleaned up January 2019:

commit eb22dfef2d7c2ae67f092cbbdd9a0631ca609f56
Author: Jeroen Roovers <>
Date:   Wed Jan 16 10:59:29 2019 +0100

    x11-drivers/nvidia-drivers: Drop unmaintained branches

    Package-Manager: Portage-2.3.56, Repoman-2.3.12
    Signed-off-by: Jeroen Roovers <>

 delete mode 100644 x11-drivers/nvidia-drivers/nvidia-drivers-375.82.ebuild
Comment 4 Sam James archtester gentoo-dev Security 2020-06-27 19:41:08 UTC
Tree clean, too old for GLSA.