CVE-2017-0316

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Geforce Experience
Vendor: CVE Published:; 16 October 2017

Summary

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

Affected Version(s)

GeForce Experience 3.x

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4560

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2017
Vulnerability Reserved
Nov 23, 2016