Information is a little sparse & for future reference I'm trying to understand info listed in Mint updater (or how Nvidia's security info is presented).
Mint's updater - nvidia-graphics-drivers-340 (340.102-0ubuntu0.16.04.1) xenial, cites CVE-2017-0318 (LP: #1659586). Which I read
https://nvd.nist.gov/vuln/detail/CVE...scriptionTitle.
Mint's updater also indicates 340.102 applied patches to kernel 4.9. & 4.10., but it doesn't indicate if CVE-2017-0318 applies to earlier kernel versions. (Again, trying to understand how this data is presented).
Find Nvidia's page for CVE-2017-0318 (LP: #1659586) - here:
http://www.nvidia.com/object/product-security.html, and the link that includes info on CVE-2017-0318 (
http://nvidia.custhelp.com/app/answers/detail/a_id/4398)...
...it also mentions *CVE-2017-0309,* further down the page (
http://nvidia.custhelp.com/app/answers/detail/a_id/4398) under "Affected Products" - appears to affect Linux + (in my case) GeForce.
But CVE-0309 isn't mentioned anywhere else for the 340.102 driver (that I see), but the table on Nvidia's site seems to indicate CVE-0309 also affected GeForce running the 340.x driver branch.
Really can't make sense of it.
Maybe -0309 applies to an earlier driver series - before 340.x? - but how to decipher this data?
I can't tell if CVE-2017-0309 applies to GeForce *and* kernel 4.40.x. Did Mint updater just leave out info on CVE -0309 and / or which kernels are affected, or are kernel versions irrelevant here?
The Nvidia table farther down on
http://nvidia.custhelp.com/app/answers/detail/a_id/4398, for "Fixes > Linux", lists Products (specifically GeForce), the OS and "1st Version Including the Fix."
I don't know which driver branches listed apply to GeForce. It appears possibly all? IF SO, why isn't CVE-2017-0309 mentioned in the 340.102 update?
Do ALL the CVEs at top of that page (incl. 2017-0309) apply to ALL GeForce, using any of the 5 listed driver branches: R378, R375, R340, R304?
Thanks.