9730 matches found
CVE-2017-0314
CVE-2017-0314 affects the NVIDIA Windows GPU Display Driver (nvlddmkm.sys) in the kernel-mode layer for the SubmitCommandVirtual DDI. Untrusted input can reference memory outside the intended buffer boundary, leading to denial of service or elevation of privileges. The description indicates the ...
CVE-2017-0310
CVE-2017-0310 involves the NVIDIA GPU Display Driver’s kernel-mode layer handler, where improper access controls allow an unprivileged user to trigger a denial of service. The Initial Description notes vulnerability across all driver versions. Connected documents corroborate a local-impact kernel...
CVE-2017-0323
CVE-2017-0323 affects NVIDIA Windows GPU Display Driver. The provided documents describe a vulnerability in the kernel-mode layer handler (nvlddmkm.sys) where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential privilege escalation. The incident is d...
CVE-2017-0321
CVE-2017-0321 affects NVIDIA GPU Display Driver kernels in both Linux and Windows, caused by a NULL pointer dereference in the kernel mode layer handler when given invalid user input. The vulnerability may allow a local attacker to cause a denial of service and potentially escalate privileges. Pu...
CVE-2017-0317
CVE-2017-0317 concerns the NVIDIA GPU and GeForce Experience installer on Windows. The vulnerability arises from improper permissions on the package extraction path, which could allow a non-privileged user to tamper with extracted files and potentially escalate to code execution. The connected Ne...
CVE-2017-0313
CVE-2017-0313 affects the NVIDIA Windows GPU Display Driver (nvlddmkm.sys) in the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual). The issue is an out-of-bounds read/write condition caused by untrusted input referencing memory outside the buffer, leading to denial of service or local privi...
CVE-2017-0312
The CVE-2017-0312 issue affects the NVIDIA Windows GPU Display Driver (nvlddmkm.sys) in the DxgkDdiEscape handler for ID 0x100008b. A user-supplied value is used as the loop limit, enabling denial of service or potential privilege escalation. Affected driver branches include 375.x (prior to 376.6...
CVE-2017-0310
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allow an unprivileged user to cause a denial of service...
CVE-2017-0309
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges...
CVE-2017-0318
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system...
NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012
DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments...
QEMU Denial of Service Vulnerability (CNVD-2017-01853)
QEMU (Quick Emulator) is processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in the 'virtio-gpu-3d.c' file in QEMU. An attacker can exploit this vulnerability to cause a QEMU...
QEMU Denial of Service Vulnerability (CNVD-2017-01851)
QEMU (Quick Emulator) is processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in the 'virtio-gpu.c' file in QEMU. An attacker can exploit this vulnerability to cause a QEMU instan...
UBUNTU-CVE-2017-0318
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system...
Security Bulletin: NVIDIA GPU Display Driver contains multiple vulnerabilities in the kernel mode layer handler
Vulnerability Details: The following sections summarize the vulnerabilities and list their CVSS risk assessments. CVE-2017-0308: NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where untrusted input used for buffer size...
Attacking the Windows NVIDIA Driver
Posted by Oliver Chang. Modern graphic drivers are complicated and provide a large promising attack surface for EoPs and sandbox escapes from processes that have access to the GPU, e.g. the Chrome GPU process. In this blog post we’ll take a look at attacking the NVIDIA kernel mode Windows drivers,...
NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler
NVIDIA Unix security team reports: NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where multiple integer overflows, improper access control, and improper validation of a user input may cause a denial of service or potential escalation of privileges...
QEMU 'virtio-gpu-3d.c' Denial of Service Vulnerability
QEMU (Quick Emulator) is processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. QEMU suffers from a denial of service vulnerability. An attacker can exploit this vulnerability to cause a QEMU instance to crash, resulting i...
CVE-2017-0428
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
CVE-2017-0429
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...