Local Privilege Escalation in NVIDIA Display Driver Affects Multiple Versions
CVE-2015-1170

Currently unrated

Key Information:

Vendor: Nvidia
Status: Gpu Driver R304; Gpu Driver R346; Gpu Driver R340; Gpu Driver R343
Vendor: CVE Published:; 6 March 2015

What is CVE-2015-1170?

The NVIDIA Display Driver has a vulnerability that fails to adequately verify local client impersonation levels when conducting a kernel administrator check. This oversight allows local users to elevate their privileges to administrator status through various API calls, potentially compromising system security and control.

References

http://marc.info/?l=bugtraq&m=143013598825091&w=2

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id/1032013

vdb-entryx_refsource_SECTRACK

https://support.lenovo.com/product_security/nvidia_window...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2015
Vulnerability Reserved
Jan 17, 2015

Nvidia

What is CVE-2015-1170?

References

Timeline