Denial of Service and Privilege Escalation Vulnerability in NVIDIA Windows GPU Display Driver
CVE-2016-8813

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Quadro, Nvs, Geforce, Grid And Tesla
Vendor: CVE Published:; 16 December 2016

Summary

The NVIDIA Windows GPU Display Driver contains a flaw in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape. This vulnerability allows for multiple pointers to be processed without appropriate NULL checks, which may result in a denial of service or enable an attacker to escalate privileges on the affected system. Organizations using NVIDIA graphics drivers are urged to check for updates and apply security patches to mitigate the risk of exploitation.

Affected Version(s)

Quadro, NVS, GeForce, GRID and Tesla All

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4257

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95057

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2016
Vulnerability Reserved
Oct 18, 2016