LENOVO:PS500058-NVIDIA-WINDOWS-PRIVILEGE-DELEGATION-ESCALATION-NOSID
Jun 27, 2016 - 12:00 a.m.

NVIDIA Windows Privilege Delegation Escalation - Lenovo Support US

2016-06-27 00:00:00
support.lenovo.com

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 5.7%

Lenovo Security Advisory: LEN-2015-008
**Potential Impact:** Escalation of Privilege
Severity: Medium

Summary:
The NVIDIA Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases.

Description:
This vulnerability can only be exploited by a user with local access to the machine. Under certain conditions, a local user on the system can use improper impersonation behaviors of NVIDIA driver APIs to access resources that are intended for kernel access only. Under these conditions, this behavior may lead to privilege escalation of the local user account, leading to a system compromise.
This vulnerability affects all GPUs with Windows XP, Windows Vista, Windows 7, and Windows Server 2008/2008 R2 systems using NVIDIA GPU Display Driver components, or derived packages which use NVIDIA GPU Display Driver components.
Because Windows XP is no longer supported by Microsoft, NVIDIA will not be releasing an updated driver. For Windows Vista, we recommend installing the NVIDIA reference driver. Windows 8 and later Windows operating systems are not vulnerable due to changes in the implementation of the kernel function which the driver relies on for the security check.

Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo is currently qualifying the updated NVIDIA driver across all applicable impacted products… The updated driver will be posted to the Lenovo Support site for affected products as qualification testing is completed. Review the Product Impact section below for the list of affected products. Once the driver has been qualified for the affected product, you will be able to link directly to the driver download page. You should visit this security advisory often to find links to the latest qualified driver for your product.
If this vulnerability puts you at an unacceptable level of risk and you want to mitigate before the Lenovo-certified driver is available for your product, you can visit the NVIDIA security webpage (www.nvidia.com/security) to download and install the reference driver. Please be aware that the reference driver has not been qualified by Lenovo. If you experience problems as a result of installing the driver from the NVIDIA support site, please contact NVIDIA directly. When the Lenovo-certified driver is available for download from the Lenovo Support site, Lenovo recommends that you uninstall the NVIDIA reference driver, and upgrade to the Lenovo Support site version.
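
The product tables in this advisory give the minimum fixed driver version in two notations: the NVIDIA release number (341.44) and the Windows driver version string (9.18.13.4144). The following Python code is an added example, not Lenovo's or NVIDIA's; it assumes the usual NVIDIA convention that the last five digits of the Windows version string are the release number, and its host names and installed versions are constructed sample data.

```python
def nvidia_release(version):
    """Normalize '341.44' or '9.18.13.4144' to a comparable (major, minor) tuple."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized driver version: {version!r}")
    if len(parts) == 2:                      # NVIDIA release number, e.g. 341.44
        return int(parts[0]), int(parts[1])
    if len(parts) == 4:                      # Windows string, e.g. 9.18.13.4144
        # Assumed convention: the last five digits of the final two fields
        # are the release number (13 + 4144 -> 34144 -> 341.44).
        digits = (parts[2] + parts[3].zfill(4))[-5:]
        return int(digits[:3]), int(digits[3:])
    raise ValueError(f"unrecognized driver version: {version!r}")


def check(installed, minimum_cell):
    """Compare an installed version with each minimum listed in a table cell.

    Some rows list two minimums ('321.19/341.44'); the advisory does not say
    which applies to a given machine, so each one is reported separately.
    """
    have = nvidia_release(installed)
    return {m: have >= nvidia_release(m) for m in minimum_cell.split("/")}


# Constructed inventory: (host, model, installed driver, minimum from the tables).
INVENTORY = [
    ("ws-01", "ThinkStation C30", "9.18.13.4052", "341.44"),
    ("ws-02", "ThinkStation P500", "9.18.13.4752", "9.18.13.4752"),
    ("srv-01", "ThinkServer TS140", "9.18.13.3221", "321.19/341.44"),
]


def audit(inventory):
    """Return (host, model, {minimum: meets_it}) for every machine."""
    return [(h, m, check(inst, minimum)) for h, m, inst, minimum in inventory]


if __name__ == "__main__":
    for host, model, result in audit(INVENTORY):
        for minimum, ok in result.items():
            print(f"{host:7} {model:18} >= {minimum:13} {'ok' if ok else 'UPDATE NEEDED'}")
```
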

Product Affected

ThinkStation

System | Status | Minimum version of NVIDIA Display Driver including Fix | Link
---|---|---|---
ThinkStation C30 (type 1095, 1096, 1097) | Affected | 341.44 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-c-series-workstations/thinkstation-c30?c=1>
ThinkStation C30 (type 1136, 1137) | Affected | 341.44 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-c-series-workstations/thinkstation-c30?c=1>
ThinkStation D30 (type 4223, 4228, 4229) | Affected | 341.44 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-d-series-workstations/thinkstation-d30?c=1>
ThinkStation D30 (type 4353, 4354) | Affected | 341.44 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-d-series-workstations/thinkstation-d30?c=1>
ThinkStation E31 | Affected | 9.18.13.4144 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-e-series-workstations/thinkstation-e31?c=1>
ThinkStation E32 | Affected | 9.18.13.4752 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-e-series-workstations/thinkstation-e32?c=1>
ThinkStation P300 | Affected | 9.18.13.4752 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-p-series-workstations/thinkstation-p300?c=1>
ThinkStation P500 | Affected | 9.18.13.4752 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-p-series-workstations/thinkstation-p500?c=1>
ThinkStation P700 | Affected | 9.18.13.4752 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-p-series-workstations/thinkstation-p700?c=1>
ThinkStation P900 | Affected | 9.18.13.4752 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-p-series-workstations/thinkstation-p900?c=1>
ThinkStation S30 | Affected | 341.44 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-s-series-workstations/thinkstation-s30?c=1>
ThinkStation S30 | Affected | 341.44 | <http://support.lenovo.com/us/en/products/workstations/thinkstation-s-series-workstations/thinkstation-s30?c=1>

ThinkServer & Storage

Note: If you have added an NVIDIA graphics card to your system, you may be affected by this security vulnerability and should take the actions necessary to protect yourself.

System | Status | Minimum version of NVIDIA Display Driver including Fix | Link
---|---|---|---
ThinkServer RD330 | Not affected | | −
ThinkServer RD340 | Not affected | | −
ThinkServer RD350 | Not affected | | −
ThinkServer RD430 | Not affected | | −
ThinkServer RD440 | Not affected | | −
ThinkServer RD450 | Not affected | | −
ThinkServer RD530 | Not affected | | −
ThinkServer RD540 | Not affected | | −
ThinkServer RD550 | Not affected | | −
ThinkServer RD630 | Not affected | | −
ThinkServer RD640 | Not affected | | −
ThinkServer RD650 | Not affected | | −
ThinkServer RS140 | Not affected | | −
ThinkServer TD340 | Affected | 321.19/341.44 | <http://support.lenovo.com/us/en/products/servers/thinkserver-tower-servers/thinkserver-td340?c=1>
ThinkServer TD350 | Not affected | | −
ThinkServer TS130 | Affected | 321.19/341.44 | <http://support.lenovo.com/us/en/products/servers/thinkserver-tower-servers/thinkserver-ts130?c=1>
ThinkServer TS140 | Affected | 321.19/341.44 | <http://support.lenovo.com/us/en/products/servers/thinkserver-tower-servers/thinkserver-ts140?c=1>
ThinkServer TS240 | Affected | 321.19 | <http://support1.lenovo.com.cn/lenovo/wsi/Modules/DriverDetailServer.aspx?ID=61165>
ThinkServer TS430 | Not affected | | −
ThinkServer TS440 | Affected | 321.19/341.44 | <http://support.lenovo.com/us/en/products/servers/thinkserver-tower-servers/thinkserver-ts440?c=1>
ThinkServer TS540 | Affected | 321.19 | <http://support1.lenovo.com.cn/lenovo/wsi/Modules/DriverDetailServer.aspx?ID=61165>

ThinkPad

Note: If you have added an NVIDIA graphics card to your system, you may be affected by this security vulnerability and should take the actions necessary to protect yourself.

System | Status | Minimum version of NVIDIA Display Driver including Fix | Link
---|---|---|---
ThinkPad E450/E450c | Not affected | − | −
ThinkPad E550/E550c | Not affected | − | −
ThinkPad Edge E130 | Not affected | − | −
ThinkPad Edge E145 | Not affected | − | −
ThinkPad Edge E330 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad Edge E430/E530 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad Edge E431/E531 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad Edge E440/E540 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad Edge E455/E555 | Not affected | − | −
ThinkPad Helix | Not affected | − | −
ThinkPad L430 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad L530 | Not affected | − | −
ThinkPad L440 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-l-series-laptops/thinkpad-l440?c=1>
ThinkPad L540 | Not affected | − | −
ThinkPad L450 | Not affected | − | −
ThinkPad S1 Yoga (Non-vPro) | Not affected | − | −
ThinkPad S1 Yoga (vPro) | Not affected | − | −
ThinkPad S3 Yoga 14 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad S5 Yoga 15 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad S430 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad S431 | Not affected | − | −
ThinkPad S440 | Not affected | − | −
ThinkPad S531 | Not affected | − | −
ThinkPad S540 | Not affected | − | −
ThinkPad T430 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T430s | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T430u | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430u>
ThinkPad T431s | Not affected | − | −
ThinkPad T440/T440s | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T440p | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T450 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T450s | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T530 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T540p | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad T550 | Not affected | − | −
ThinkPad Tablet 10 (32-bit) | Not affected | − | −
ThinkPad Tablet 10 (64-bit) | Not affected | − | −
ThinkPad Tablet 2 | Not affected | − | −
ThinkPad Tablet 8 (32-bit) | Not affected | − | −
ThinkPad Tablet 8 (64-bit) | Not affected | − | −
ThinkPad Twist/Edge S230 | Not affected | − | −
ThinkPad W530 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad W540 | Affected | 9.18.13.4520 | <http://support.lenovo.com/us/en/downloads/DS033666>
ThinkPad W550s | Not affected | − | −
ThinkPad X1 Carbon (20A7,20A8) | Not affected | − | −
ThinkPad X1 Carbon (34xx) | Not affected | − | −
ThinkPad X131e (AMD) | Not affected | − | −
ThinkPad X131e (Intel) | Not affected | − | −
ThinkPad X140e (AMD) | Not affected | − | −
ThinkPad X230 | Not affected | − | −
ThinkPad X230s | Not affected | − | −
ThinkPad X230t | Not affected | − | −
ThinkPad X240/X240s | Not affected | − | −
ThinkPad Yoga 11e | Not affected | − | −

ThinkCentre

Note: If you have added an NVIDIA graphics card to your system, you may be affected by this security vulnerability and should take the actions necessary to protect yourself.

System | Status | Minimum version of NVIDIA Display Driver including Fix | Link
---|---|---|---
ThinkCentre E73 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre E73Z | Not Affected | − | −
ThinkCentre E93 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre E93Z | Affected | 9.18.13.4752 | <http://support.lenovo.com/us/en/downloads/DS102509>
ThinkCentre Edge 62z | Not affected | − | −
ThinkCentre Edge 72 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre Edge 72z | Not affected | − | −
ThinkCentre Edge 91 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre Edge 92 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre Edge 92z | Not affected | − | −
ThinkCentre M62Z | Not affected | − | −
ThinkCentre M72e (Ivy) | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M72e (PCI) | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M72e (Tiny) | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M72z | Not affected | | −
ThinkCentre M73 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M73 Tiny | Not affected | − | −
ThinkCentre M73Z | Not affected | − | −
ThinkCentre M78 (type 1562, 1565, 1662, 1663, 1766, 2111, 2113, 2114, 4860, 4863, 4865, 4866, 5100) | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M78 (type 10BN, 10BQ, 10BR, 10BS, 10BT, 10BU) | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M71e | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M77 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M80 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M81 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M82 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M83 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M83Z | Not affected | − | −
ThinkCentre M90 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M90p | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M91 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M91P | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M92 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M92P | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M92Z | Not affected | − | −
ThinkCentre M93 | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M93P | Affected | 347.52 | http://support.lenovo.com/us/en/downloads/DS041866
ThinkCentre M93P Tiny | Not affected | − | −
ThinkCentre M93Z | Not affected | − | −

Software

Application | Status
---|---
Deploy Manager | Not affected
Diagnostic | Not affected
Easy Manager | Not affected
Easy Updater | Not affected
Energy manager | Not affected
OSPUT | Not affected
Partner Pack | Not affected
Power Planner | Not affected
TSMCLI | Not affected

Lenovo EMC

System | Status
---|---
LenovoEMC EZ Media & Backup (hm3) | Not affected
LenovoEMC Home Media Cloud Edition (hm2) | Not affected
LenovoEMC ix12-300r | Not affected
LenovoEMC ix2 (inc DL) | Not affected
LenovoEMC ix2-200 | Not affected
LenovoEMC ix2-200 Cloud Edition | Not affected
LenovoEMC ix4-200d | Not affected
LenovoEMC ix4-200d (2.1.x firmware) | Not affected
LenovoEMC ix4-200d Cloud Edition | Not affected
LenovoEMC ix4-300d (inc DL) | Not affected
LenovoEMC px12-350r | Not affected
LenovoEMC px12-400r | Not affected
LenovoEMC px12-450r | Not affected
LenovoEMC px2-300d (inc NVR) | Not affected
LenovoEMC px4-300d (inc NVR) | Not affected
LenovoEMC px4-300r | Not affected
LenovoEMC px4-400d (inc NVR) | Not affected
LenovoEMC px4-400r | Not affected
LenovoEMC px6-300d | Not affected

**Acknowledgements:** None

Other information and references:

Revision History:

Revision | Date | Description
---|---|---
1.5 | 2015-07-15 | Publish additional fixes
1.4 | 2015-06-30 | Publish additional fixes
1.3 | 2015-05-17 | Publish additional fixes
1.2 | 2015-03-25 | Publish additional fixes
1.1 | 2015-03-17 | Publish additional fixes
1.0 | 2015-03-03 | Initial release
