NVIDIA Windows GPU Display Vulnerability in Kernel Mode Driver
CVE-2016-8818

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Quadro, Nvs, Geforce, Grid And Tesla
Vendor: CVE Published:; 16 December 2016

Summary

A vulnerability exists in the Windows GPU Display driver (nvlddmkm.sys) where the kernel mode handler for DxgDdiEscape processes an unchecked user pointer. This flaw can allow a user to potentially cause a denial of service or escalate privileges by exploiting the improper validation of data passed to the driver. Users should ensure they have the latest driver updates to mitigate this risk.

Affected Version(s)

Quadro, NVS, GeForce, GRID and Tesla All

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4257

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95056

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2016
Vulnerability Reserved
Oct 18, 2016