Lucene search

[email protected]CVE-2016-4961

HistoryNov 08, 2016 - 8:59 p.m.

CVE-2016-4961

2016-11-0820:59:03

CWE-20

[email protected]

web.nvd.nist.gov

nvidia

quadro

nvs

geforce

nvstreamkms.sys

api layer

cve-2016-4961

denial of service

blue screen crash

vulnerability

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

Affected configurations

NVD

Node

nvidiageforce_experienceRange≤-

AND

nvidiageforce_910mMatch-

nvidiageforce_920mMatch-

nvidiageforce_920mxMatch-

nvidiageforce_930mMatch-

nvidiageforce_930mxMatch-

nvidiageforce_940mMatch-

nvidiageforce_940mxMatch-

nvidiageforce_945mMatch-

nvidiageforce_gt_710Match-

nvidiageforce_gt_730Match-

nvidiageforce_gtx_1050Match-

nvidiageforce_gtx_1060Match-

nvidiageforce_gtx_1070Match-

nvidiageforce_gtx_1080Match-

nvidiageforce_gtx_950mMatch-

nvidiageforce_gtx_960mMatch-

nvidiageforce_gtx_965mMatch-

nvidianvs_310Match-

nvidianvs_315Match-

nvidianvs_510Match-

nvidianvs_810Match-

nvidiaquadro_k1200Match-

nvidiaquadro_k420Match-

nvidiaquadro_k620Match-

nvidiaquadro_m1000mMatch-

nvidiaquadro_m2000Match-

nvidiaquadro_m2000mMatch-

nvidiaquadro_m3000mMatch-

nvidiaquadro_m4000Match-

nvidiaquadro_m4000mMatch-

nvidiaquadro_m5000Match-

nvidiaquadro_m5000mMatch-

nvidiaquadro_m500mMatch-

nvidiaquadro_m5500Match-

nvidiaquadro_m6000Match-

nvidiaquadro_m600mMatch-

nvidiaquadro_p5000Match-

nvidiaquadro_p6000Match-

nvidiatitan_xMatch-

CPENameOperatorVersion
nvidia:geforce_experiencenvidia geforce experiencele-

CPE	Name	Operator	Version
nvidia:geforce_experience	nvidia geforce experience	le	-

CNA Affected

[
  {
    "product": "Quadro, NVS, GeForce (all versions)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Quadro, NVS, GeForce (all versions)"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/4213

www.securityfocus.com/bid/93251

support.lenovo.com/us/en/product_security/ps500070

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for CVE-2016-4961

prion1 cvelist1 nvd1 nvidia1 lenovo4 nessus1