The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS.
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where a pointer passed from a user to the driver is used without validation, which may lead to denial of service or potential escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 8.2
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys
) handler for DxgkDdiEscape
where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or possible escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to a denial of service or possible escalation of privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop, which may lead to a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS V3 Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation
where untrusted user input is used as a divisor without validation during a calculation, which may lead to a possible division by zero and denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation
where untrusted user input is used as a divisor without validation while processing block linear information, which may lead to a possible division by zero and denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C
NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration. NVIDIA doesn’t know of any exploits of these issues at this time.