The following sections summarize the vulnerabilities and list their CVSS risk assessments.
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where untrusted input used for buffer size calculation may lead to a denial of service or escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access control may lead to a denial of service or possible escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscapeID 0x100008b
where user-provided input used as the limit for a loop may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) implementation of the SubmitCommandVirtual DDI
(DxgkDdiSubmitCommandVirtual
) function where untrusted input used to reference memory outside of the intended boundary of the buffer may lead to a denial of service or escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) implementation of the SubmitCommandVirtual DDI
(DxgkDdiSubmitCommandVirtual
) function where untrusted input used to reference memory outside of the intended boundary of the buffer may lead to a denial of service or escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where an attempt to access an invalid object pointer may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where the size of an input buffer is not validated, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU and GeForce Experience installer contains a vulnerability where it fails to set proper permissions on the package extraction path, allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges through code execution.
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
NVIDIA Linux GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls allow an unprivileged user to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.
CVSS Base Score: 5.6
CVSS Temporal Score: 5.1
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.
CVSS Base Score: 5.6
CVSS Temporal Score: 5.1
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIAβs risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesnβt know of any exploits to these issues at this time.