Vulnerabilities > CVE-2017-0309 - Integer Overflow or Wraparound vulnerability in Nvidia GPU Driver

047910
CVSS 8.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
nvidia
CWE-190
nessus

Summary

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.

Vulnerable Configurations

Part Description Count
Application
Nvidia
1
OS
Freebsd
1
OS
Linux
1
OS
Microsoft
1
OS
Oracle
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyMisc.
    NASL idNVIDIA_UNIX_CVE_2017_0324.NASL
    descriptionThe version of the NVIDIA GPU display driver installed on the remote Linux host is 304.x prior to 304.135, 340.x prior to 340.102, 361.x prior to 361.119, 375.x prior to 375.39, or 378.x prior to 378.13. It is, therefore, affected by multiple vulnerabilities: - Multiple integer overflow conditions exist in the kernel mode layer handler that allow a local attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-0309) - A flaw exists in the kernel mode layer handler due to improper access controls that allows a local attacker to cause a denial of service condition. (CVE-2017-0310) - A flaw exists in the kernel mode layer handler due to improper access controls that allows a local attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-0311) - A flaw exists in the kernel mode layer handler due to improper validation of an input parameter. A local attacker can exploit this to cause a denial of service condition. (CVE-2017-0318) - A NULL pointer dereference flaw exists in the kernel mode layer handler due to improper validation of certain input. A local attacker can exploit this to cause a denial of service condition or potentially execute arbitrary code. (CVE-2017-0321)
    last seen2020-06-01
    modified2020-06-02
    plugin id97385
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97385
    titleNVIDIA Linux GPU Display Driver 304.x < 304.135 / 340.x < 340.102 / 361.x < 361.119 / 375.x < 375.39 / 378.x < 378.13 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97385);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2017-0309",
        "CVE-2017-0310",
        "CVE-2017-0311",
        "CVE-2017-0318",
        "CVE-2017-0321"
      );
    
      script_name(english:"NVIDIA Linux GPU Display Driver 304.x < 304.135 / 340.x < 340.102 / 361.x < 361.119 / 375.x < 375.39 / 378.x < 378.13 Multiple Vulnerabilities");
      script_summary(english:"Checks the driver version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A display driver installed on the remote Linux host is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of the NVIDIA GPU display driver installed on the remote
    Linux host is 304.x prior to 304.135, 340.x prior to 340.102, 361.x
    prior to 361.119, 375.x prior to 375.39, or 378.x prior to 378.13.
    It is, therefore, affected by multiple vulnerabilities:
    
      - Multiple integer overflow conditions exist in the kernel
        mode layer handler that allow a local attacker to cause
        a denial of service condition or the execution of
        arbitrary code. (CVE-2017-0309)
    
      - A flaw exists in the kernel mode layer handler due to
        improper access controls that allows a local attacker to
        cause a denial of service condition. (CVE-2017-0310)
    
      - A flaw exists in the kernel mode layer handler due to
        improper access controls that allows a local attacker to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-0311)
    
      - A flaw exists in the kernel mode layer handler due to
        improper validation of an input parameter. A local
        attacker can exploit this to cause a denial of service
        condition. (CVE-2017-0318)
    
      - A NULL pointer dereference flaw exists in the
        kernel mode layer handler due to improper validation of
        certain input. A local attacker can exploit this to
        cause a denial of service condition or potentially
        execute arbitrary code. (CVE-2017-0321)");
      script_set_attribute(attribute:"see_also", value:"http://nvidia.custhelp.com/app/answers/detail/a_id/4398");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the NVIDIA graphics driver to version 304.135 / 340.102 /
    361.119 / 375.39 / 378.13 or later in accordance with the vendor
    advisory.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-0321");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:nvidia:gpu_driver");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("nvidia_unix_driver_detect.nbin");
      script_require_keys("NVIDIA_UNIX_Driver/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("NVIDIA_UNIX_Driver/Version");
    
    fix = NULL;
    note = '';
    
    if (version =~ "^378\." && ver_compare(ver:version, fix:"378.13", strict:FALSE) == -1)
      fix = "378.13";
    else if (version =~ "^375\." && ver_compare(ver:version, fix:"375.39", strict:FALSE) == -1)
      fix = "375.39";
    else if (version =~ "^361\." && ver_compare(ver:version, fix:"361.119", strict:FALSE) == -1)
      fix = "361.119";
    else if (version =~ "^340\." && ver_compare(ver:version, fix:"340.102", strict:FALSE) == -1)
      fix = "340.102";
    else if (version =~ "^304\." && ver_compare(ver:version, fix:"304.135", strict:FALSE) == -1)
      fix = "304.135";
    
    if(!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "NVIDIA UNIX Driver", version);
    
    report = '\n  Installed driver version : ' + version +
             '\n  Fixed driver version     : ' + fix;
    
    security_report_v4(severity:SECURITY_HOLE, port:0, extra: report+note);
    
  • NASL familyWindows
    NASL idNVIDIA_WIN_CVE_2017_0324.NASL
    descriptionThe version of the NVIDIA GPU display driver installed on the remote Windows host is 375.x prior to 376.67 or 378.x prior to 378.52. It is, therefore, affected by multiple vulnerabilities : - Multiple overflow conditions exist in the kernel mode layer handler (nvlddmkm.sys) for DxgkDdiEscape due to a failure to properly calculate the input buffer size. A local attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-0308, CVE-2017-0324) - Multiple integer overflow conditions exist in the kernel mode layer handler that allow a local attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-0309) - A flaw exists in the kernel mode layer handler due to improper access controls that allows a local attacker to cause a denial of service condition. (CVE-2017-0310) - A flaw exists in the kernel mode layer handler due to improper access controls that allows a local attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-0311) - An overflow condition exists in the kernel mode layer handler for DxgDdiEscape ID 0x100008B due to improper validation of input before setting the limits for a loop. A local attacker can exploit this to cause a denial of service condition or potentially gain elevated privileges. (CVE-2017-0312) - Multiple out-of-bounds write flaws exist within the DxgkDdiSubmitCommandVirtual() function in the kernel mode layer handler due to improper validation of certain size and length values. A local attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-0313, CVE-2017-0314) - A flaw exists in the kernel mode layer handler for DxgkDdiEscape due to accessing an invalid object pointer that allows a local attacker to execute arbitrary code. (CVE-2017-0315) - A flaw exists in the NVIDIA GPU and GeForce Experience Installer due to improper file permissions on the package extraction path. A local attacker can exploit this to manipulate extracted files and thereby potentially gain elevated privileges. (CVE-2017-0317) - Multiple flaws exist in the kernel mode layer handler due to improper handling of unspecified values that allow a local attacker to cause a denial of service condition. (CVE-2017-0319, CVE-2017-0320) - Multiple NULL pointer dereference flaws exist in the kernel mode layer handler due to improper validation of certain input. A local attacker can exploit these to cause a denial of service condition or potentially execute arbitrary code. (CVE-2017-0321, CVE-2017-0323) - An array-indexing error exists in the kernel mode layer handler due to improper validation of certain input. A local attacker can exploit this to cause a denial of service condition or gain elevated privileges. (CVE-2017-0322)
    last seen2020-06-01
    modified2020-06-02
    plugin id97386
    published2017-02-24
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97386
    titleNVIDIA Windows GPU Display Driver 375.x < 376.67 / 378.x < 378.52 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97386);
      script_version("1.5");
      script_cvs_date("Date: 2018/07/16 14:09:15");
    
      script_cve_id(
        "CVE-2017-0308",
        "CVE-2017-0309",
        "CVE-2017-0310",
        "CVE-2017-0311",
        "CVE-2017-0312",
        "CVE-2017-0313",
        "CVE-2017-0314",
        "CVE-2017-0315",
        "CVE-2017-0317",
        "CVE-2017-0319",
        "CVE-2017-0320",
        "CVE-2017-0321",
        "CVE-2017-0322",
        "CVE-2017-0323",
        "CVE-2017-0324"
      );
    
      script_name(english:"NVIDIA Windows GPU Display Driver 375.x < 376.67 / 378.x < 378.52 Multiple Vulnerabilities");
      script_summary(english:"Checks the driver version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A display driver installed on the remote Windows host is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of the NVIDIA GPU display driver installed on the remote
    Windows host is 375.x prior to 376.67 or 378.x prior to 378.52.
    It is, therefore, affected by multiple vulnerabilities :
    
      - Multiple overflow conditions exist in the kernel mode
        layer handler (nvlddmkm.sys) for DxgkDdiEscape due to a
        failure to properly calculate the input buffer size. A
        local attacker can exploit these to cause a denial of
        service condition or the execution of arbitrary code.
        (CVE-2017-0308, CVE-2017-0324)
    
      - Multiple integer overflow conditions exist in the kernel
        mode layer handler that allow a local attacker to cause
        a denial of service condition or the execution of
        arbitrary code. (CVE-2017-0309)
    
      - A flaw exists in the kernel mode layer handler due to
        improper access controls that allows a local attacker to
        cause a denial of service condition. (CVE-2017-0310)
    
      - A flaw exists in the kernel mode layer handler due to
        improper access controls that allows a local attacker to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-0311)
    
      - An overflow condition exists in the kernel mode layer
        handler for DxgDdiEscape ID 0x100008B due to improper
        validation of input before setting the limits for a
        loop. A local attacker can exploit this to cause a
        denial of service condition or potentially gain elevated
        privileges. (CVE-2017-0312)
    
      - Multiple out-of-bounds write flaws exist within the
        DxgkDdiSubmitCommandVirtual() function in the kernel
        mode layer handler due to improper validation of certain
        size and length values. A local attacker can exploit
        these to cause a denial of service condition or the
        execution of arbitrary code. (CVE-2017-0313,
        CVE-2017-0314)
    
      - A flaw exists in the kernel mode layer handler for
        DxgkDdiEscape due to accessing an invalid object
        pointer that allows a local attacker to execute
        arbitrary code. (CVE-2017-0315)
    
      - A flaw exists in the NVIDIA GPU and GeForce Experience
        Installer due to improper file permissions on the
        package extraction path. A local attacker can exploit
        this to manipulate extracted files and thereby
        potentially gain elevated privileges. (CVE-2017-0317)
    
      - Multiple flaws exist in the kernel mode layer handler due
        to improper handling of unspecified values that allow a
        local attacker to cause a denial of service condition.
        (CVE-2017-0319, CVE-2017-0320)
    
      - Multiple NULL pointer dereference flaws exist in the
        kernel mode layer handler due to improper validation of
        certain input. A local attacker can exploit these to
        cause a denial of service condition or potentially
        execute arbitrary code. (CVE-2017-0321, CVE-2017-0323)
    
      - An array-indexing error exists in the kernel mode layer
        handler due to improper validation of certain input. A
        local attacker can exploit this to cause a denial of
        service condition or gain elevated privileges.
        (CVE-2017-0322)");
      script_set_attribute(attribute:"see_also", value:"http://nvidia.custhelp.com/app/answers/detail/a_id/4398");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the NVIDIA graphics driver to version 376.67 / 378.52 or
    later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/24");
    
      script_set_attribute(attribute:"plugin_type",value:"local");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:nvidia:gpu_driver");
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
    
      script_dependencies("wmi_enum_display_drivers.nbin");
      script_require_keys("WMI/DisplayDrivers/NVIDIA", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    kb_base = 'WMI/DisplayDrivers/';
    
    # double check in case optimization is disabled
    kbs = get_kb_list(kb_base + '*/Name');
    if (isnull(kbs)) exit(0, 'No display drivers were found.');
    
    report = '';
    
    foreach kb (keys(kbs))
    {
      name = kbs[kb];
      # only check NVIDIA drivers
      if ("NVIDIA" >!< name) continue;
    
      nvidia_found = TRUE;
      id = kb - kb_base - '/Name';
      version = get_kb_item_or_exit(kb_base + id + '/Version');
      driver_date = get_kb_item_or_exit(kb_base + id + '/DriverDate');
    
      disp_driver_date = driver_date;
    
      # convert to something we can pass to ver_compare (YYYY.MM.DD)
      driver_date = split(driver_date, sep:'/', keep:FALSE);
      driver_date = driver_date[2] + '.' + driver_date[0] + '.' + driver_date[1];
    
      fix = '';
      note = '';
    
      # R375 Branch includes 375.x, 376.x
      if (version =~ "^37[56]\." && "Tesla" >!< name && ver_compare(ver:version, fix:"376.67", strict:FALSE) == -1)
        fix = '376.67';
      if (version =~ "^37[56]\." && "Tesla" >< name && ver_compare(ver:version, fix:"376.84", strict:FALSE) == -1)
        fix = '376.84';
    
      # R378 Branch
      if (version =~ "^378\." && ver_compare(ver:version, fix:"378.52", strict:FALSE) == -1)
        fix = '378.52';
    
      if (!empty(fix))
      {
        order = make_list('Device name','Driver version','Driver date','Fixed version');
        report = make_array(
          order[0],name,
          order[1],version,
          order[2],disp_driver_date,
          order[3],fix
          );
    
        if (!empty(note))
        {
          report['Note'] = note;
          order = make_list(order, 'Note');
        }
        report = report_items_str(report_items:report, ordered_fields:order);
      }
    }
    
    if (!nvidia_found) exit(0, 'No NVIDIA display drivers were found.');
    
    if (!empty(report))
      security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
    else
      exit(0, "No vulnerable NVIDIA display drivers were found.");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_057E6616188511E7BB4DA0D3C19BFA21.NASL
    descriptionNVIDIA Unix security team reports : NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where multiple integer overflows, improper access control, and improper validation of a user input may cause a denial of service or potential escalation of privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id99178
    published2017-04-04
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99178
    titleFreeBSD : NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler (057e6616-1885-11e7-bb4d-a0d3c19bfa21)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99178);
      script_version("3.7");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2017-0309", "CVE-2017-0310", "CVE-2017-0311", "CVE-2017-0318", "CVE-2017-0321");
    
      script_name(english:"FreeBSD : NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler (057e6616-1885-11e7-bb4d-a0d3c19bfa21)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "NVIDIA Unix security team reports :
    
    NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode
    layer handler where multiple integer overflows, improper access
    control, and improper validation of a user input may cause a denial of
    service or potential escalation of privileges."
      );
      # http://nvidia.custhelp.com/app/answers/detail/a_id/4398
      script_set_attribute(
        attribute:"see_also",
        value:"https://nvidia.custhelp.com/app/answers/detail/a_id/4398"
      );
      # https://vuxml.freebsd.org/freebsd/057e6616-1885-11e7-bb4d-a0d3c19bfa21.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dd7c734e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:nvidia-driver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:nvidia-driver-304");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:nvidia-driver-340");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"nvidia-driver<375.39")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"nvidia-driver-340<340.102")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"nvidia-driver-304<304.135")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");