Kernel Mode Driver Vulnerability in NVIDIA Quadro, NVS, and GeForce Products
CVE-2016-7385

7.8HIGH

Key Information:

Vendor
Nvidia
Status
Quadro, Nvs, And Geforce (all Versions)
Vendor
CVE Published:
8 November 2016

Summary

A vulnerability has been identified in the NVIDIA Windows GPU Display Driver affecting various Quadro, NVS, and GeForce product lines. The issue arises from improper validation of an index passed from user-mode applications to the driver in the kernel mode layer. Specifically, this flaw occurs within the handler for the DxgDdiEscape function, where a user-supplied value is utilized without adequate checks, leading to scenarios that could enable denial of service attacks or allow unauthorized escalation of privileges. Affected versions include R340 prior to 342.00 and R375 before 375.63, necessitating immediate updates to mitigate exploitation risks.

Affected Version(s)

Quadro, NVS, and GeForce (all ) Quadro, NVS, and GeForce (all versions)

References

https://support.lenovo.com/us/en/solutions/LEN-10822
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/40657/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/93981
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.