The following sections summarize the vulnerabilities and CVSS risk assessments.
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.7
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:X
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where the size of an input buffer is not validated, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where a pointer passed from a user to the driver is used without validation, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where improper input parameter handling may lead to a denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to a denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.
CVSS Base Score 8.8
CVSS Temporal Score 7.9
CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to a denial of service.
CVSS Base Score: 6.1
CVSS Temporal Score: 5.5
CVSS Vector CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.
CVSS Base Score: 5.6
CVSS Temporal Score: 5.1
CVSS Vector CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIAβs risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesnβt know of any exploits to these issues at this time.