Kernel Mode Driver Vulnerability in NVIDIA GPU Graphics Driver
CVE-2016-2557

8.4HIGH

Key Information:

Vendor: Nvidia
Status: Gpu Driver R340; Gpu Driver R352
Vendor: CVE Published:; 12 April 2016

What is CVE-2016-2557?

The Escape interface in the kernel mode driver layer of NVIDIA GPU graphics drivers prior to specific versions on Windows presents serious risks to system integrity. Local users can exploit this vulnerability to access sensitive information residing in kernel memory, which may lead to unauthorized privilege escalation, application crashes, or denial of service scenarios. The vulnerability arises from potential uninitialized or out-of-bounds memory access, highlighting the need for prompt updates and security patches to mitigate these risks.

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4060

x_refsource_CONFIRM

https://support.lenovo.com/us/en/product_security/len_5551

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2016
Vulnerability Reserved
Feb 24, 2016

Nvidia

What is CVE-2016-2557?

References

CVSS V3.1

Timeline