NvidiaNVIDIA:4525Security Bulletin: NVIDIA GPU display driver contains multiple vulnerabilities in the kernel mode layer handler
Vulnerability Details
The following sections summarize the vulnerabilities and CVSS risk assessments.
CVE-2017-6251
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.7
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:X
CVE-2017-6252
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-6253
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-6254
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-6255
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where improper input parameter handling may lead to a denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-6256
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-6257
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE-2017-6259
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to a denial of service.
CVSS Base Score: 6.1
CVSS Temporal Score: 5.5
CVSS Vector CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
CVE-2017-6260
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.
CVSS Base Score: 5.6
CVSS Temporal Score: 5.1
CVSS Vector CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIAβs risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesnβt know of any exploits to these issues at this time.
Related
