CVE-2017-6266

CVE-2017-6266 affects the NVIDIA GPU Display Driver’s kernel mode layer handler, where improper access controls could allow unprivileged users to cause a denial of service. Connected advisories note related CVEs (6267, 6272) and indicate upstream fixes; for example, Arch Linux ASA-201709-22 fixes...

CVE-2017-6269

CVE-2017-6269 affects the NVIDIA Windows GPU Display Driver, specifically the kernel mode layer handler nvlddmkm.sys for DxgkDdiEscape. The issue arises when a pointer passed from user mode is used without validation, which may enable denial of service or elevation of privileges. Public sources c...

CVE-2017-6267

NVIDIA GPU Display Driver kernels-mode layer handler contains a vulnerability (CVE-2017-6267) where improper initialization of internal objects can cause an infinite loop, leading to denial of service. The issue affects NVIDIA graphics drivers; Arch Linux ASAs and related advisories note the fixe...

CVE-2017-6268

NVIDIA Windows GPU Display Driver (nvlddmkm.sys) contains a vulnerability in the DxgkDdiEscape handler where a user-supplied value is not validated before being used as an array index, potentially causing denial of service or privilege escalation. Root cause: improper validation of user input pas...

CVE-2017-6270

The CVE-2017-6270 issue affects the NVIDIA Windows GPU Display Driver, specifically the kernel mode layer handler DxgkDdiCreateAllocation. Untrusted user input is used as a divisor without validation during a calculation, which may lead to division-by-zero and denial of service. Impact is limited...

CVE-2017-6271

CVE-2017-6271 affects the NVIDIA Windows GPU Display Driver, specifically the kernel mode layer handler DxgkDdiCreateAllocation in nvlddmkm.sys. The vulnerability arises when untrusted user input is used as a factor/ divisor without validation during processing of block linear information, which ...

CVE-2017-6272

CVE-2017-6272 affects the NVIDIA GPU Display Driver, specifically the kernel mode layer handler. The vulnerability arises when a value provided by a user is not properly validated before being used as an index into an internal array, potentially enabling denial of service or privilege escalation....

CVE-2017-6277

CVE-2017-6277 affects the NVIDIA Windows GPU Display Driver, specifically the kernel-mode handler nvlddmkm.sys for DxgkDdiEscape. The issue arises from a user-supplied value not being validated before it is used as an index into an array, potentially causing denial of service or a possible escala...

CVE-2017-6277

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of...

UBUNTU-CVE-2017-6267

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service...

UBUNTU-CVE-2017-6272

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges...

UBUNTU-CVE-2017-6266

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service...

Security Bulletin: NVIDIA GPU contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2017-6269 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a pointer passed from ...

USN-3414-1 qemu vulnerabilities

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. CVE-2017-7493 Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this...

CrackLord - Queue and Resource System For Cracking Passwords

CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware...

Lazy async SVG rasterisation

Phwoar I love a good sciency-sounding title. SVG can be slow When transforming an SVG image, browsers try to render on every frame to keep the image as sharp as possible. Unfortunately SVG rendering can be slow, especially for non-trivial images. Here's a demo, press "Scale SVG". Devtools timelin...

Lazy async SVG rasterisation

Phwoar I love a good sciency-sounding title. SVG can be slow When transforming an SVG image, browsers try to render on every frame to keep the image as sharp as possible. Unfortunately SVG rendering can be slow, especially for non-trivial images. Here's a demo, press "Scale SVG". Devtools timelin...

NVIDIA Linux GPU Display Driver 375.8x < 375.82 / 375.7x < 375.74 / 384.x < 384.59 Multiple Vulnerabilities

Nvidia GPU Display driver vulnerabilities may lead to denial of service or possible escalation of Privileges. To exploit these vulnerabilities an attacker would send a malicious request to an affected application or interact with an affected application. If successfully exploited, these...

NVIDIA Windows GPU Display Driver 375.x < 377.55 / 384.x < 384.94 / 385.x < 385.08 Multiple Vulnerabilities

Nvidia GPU Display driver vulnerabilities may lead to denial of service or possible escalation of Privileges. To exploit these vulnerabilities an attacker would send a malicious request to an affected application or interact with an affected application. If successfully exploited, these...

USN-3392-1 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression

USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a...