NVIDIA Windows GPU Display Driver Vulnerability in Kernel Mode Layer
CVE-2016-8816

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Quadro, Nvs, Geforce, Grid And Tesla
Vendor: CVE Published:; 16 December 2016

Summary

The NVIDIA Windows GPU Display Driver is susceptible to an improper input validation vulnerability within the kernel mode layer (nvlddmkm.sys), specifically in the handler for DxgDdiEscape. This flaw allows an attacker to pass a user-supplied value to the driver, which is used unsafely as an index for an array. This can result in system instability or could be exploited to escalate privileges within the system.

Affected Version(s)

Quadro, NVS, GeForce, GRID and Tesla All

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4257

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95051

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2016
Vulnerability Reserved
Oct 18, 2016