Lucene search

[email protected]CVE-2016-8812

HistoryNov 08, 2016 - 8:59 p.m.

CVE-2016-8812

2016-11-0820:59:25

CWE-119

[email protected]

web.nvd.nist.gov

nvidia

quadro

nvs

geforce

vulnerability

stack buffer overflow

denial of service

escalation of privileges

cve-2016-8812

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.

Affected configurations

NVD

Node

nvidiageforce_experienceRange≤-

AND

nvidiageforce_910mMatch-

nvidiageforce_920mMatch-

nvidiageforce_920mxMatch-

nvidiageforce_930mMatch-

nvidiageforce_930mxMatch-

nvidiageforce_940mMatch-

nvidiageforce_940mxMatch-

nvidiageforce_945mMatch-

nvidiageforce_gt_710Match-

nvidiageforce_gt_730Match-

nvidiageforce_gtx_1050Match-

nvidiageforce_gtx_1060Match-

nvidiageforce_gtx_1070Match-

nvidiageforce_gtx_1080Match-

nvidiageforce_gtx_950mMatch-

nvidiageforce_gtx_960mMatch-

nvidiageforce_gtx_965mMatch-

nvidianvs_310Match-

nvidianvs_315Match-

nvidianvs_510Match-

nvidianvs_810Match-

nvidiaquadro_k1200Match-

nvidiaquadro_k420Match-

nvidiaquadro_k620Match-

nvidiaquadro_m1000mMatch-

nvidiaquadro_m2000Match-

nvidiaquadro_m2000mMatch-

nvidiaquadro_m3000mMatch-

nvidiaquadro_m4000Match-

nvidiaquadro_m4000mMatch-

nvidiaquadro_m5000Match-

nvidiaquadro_m5000mMatch-

nvidiaquadro_m500mMatch-

nvidiaquadro_m5500Match-

nvidiaquadro_m6000Match-

nvidiaquadro_m600mMatch-

nvidiaquadro_p5000Match-

nvidiaquadro_p6000Match-

nvidiatitan_xMatch-

CPENameOperatorVersion
nvidia:geforce_experiencenvidia geforce experiencele-

CPE	Name	Operator	Version
nvidia:geforce_experience	nvidia geforce experience	le	-

CNA Affected

[
  {
    "product": "Quadro, NVS, and GeForce (all versions)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Quadro, NVS, and GeForce (all versions)"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/4247

www.securityfocus.com/bid/93986

www.exploit-db.com/exploits/40660/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Related for CVE-2016-8812

cvelist1 zdt1 nvd1 prion1 nessus1 nvidia1 lenovo2