CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GoogleProjectZero•added 2017/02/14 12:0 a.m.•13 views

Attacking the Windows NVIDIA Driver

Posted by Oliver Chang Modern graphic drivers are complicated and provide a large promising attack surface for EoPs and sandbox escapes from processes that have access to the GPU e.g. the Chrome GPU process. In this blog post we’ll take a look at attacking the NVIDIA kernel mode Windows drivers,...

8.4AI score

Exploits0

Nvidia•added 2017/02/14 12:0 a.m.•47 views

Security Bulletin: NVIDIA GPU Display Driver contains multiple vulnerabilities in the kernel mode layer handler

Vulnerability Details The following sections summarize the vulnerabilities and list their CVSS risk assessments. CVE-2017-0308 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where untrusted input used for buffer size...

7.2CVSS3AI score0.01573EPSS

Exploits2Affected Software5

FreeBSD•added 2017/02/14 12:0 a.m.•34 views

NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler

NVIDIA Unix security team reports: NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where multiple integer overflows, improper access control, and improper validation of a user input may cause a denial of service or potential escalation of privileges...

8.8CVSS7.2AI score0.00389EPSS

Exploits0References1

CNVD•added 2017/02/10 12:0 a.m.•4 views

QEMU 'virtio-gpu-3d.c' Denial of Service Vulnerability

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. QEMU suffers from a denial of service vulnerability. An attacker can exploit this vulnerability to cause a QEMU instance to crash, resulting i...

6.5CVSS8.7AI score0.00393EPSS

Exploits0References1

CVE-2017-0429

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

7.8CVSS6.1AI score

CVE-2017-0428

7.8CVSS6.1AI score

NVD•added 2017/02/08 3:59 p.m.•20 views

CVE-2017-0429

9.3CVSS7.3AI score0.00908EPSS

NVD•added 2017/02/08 3:59 p.m.•21 views

CVE-2017-0428

9.3CVSS7.3AI score0.00908EPSS

UbuntuCve•added 2017/02/08 3:59 p.m.•21 views

CVE-2017-0428

Exploits0References2

7.8CVSS7.5AI score0.00908EPSS

UBUNTU-CVE-2017-0428

Exploits0References3

Prion•added 2017/02/08 3:59 p.m.•23 views

Privilege escalation

UbuntuCve•added 2017/02/08 3:59 p.m.•21 views

CVE-2017-0429

Exploits0References2

7.8CVSS7.5AI score0.00908EPSS

UBUNTU-CVE-2017-0429

Exploits0References3

Prion•added 2017/02/08 3:59 p.m.•14 views

Privilege escalation

CVE•added 2017/02/08 3:0 p.m.•66 views

CVE-2017-0429

CVE-2017-0429 is an elevation-of-privilege vulnerability in the NVIDIA kernel driver’s i2c-hid component, enabling a local attacker to write arbitrary values to kernel memory and potentially execute code with kernel privileges. Public descriptions tie the issue to the NVIDIA kernel driver on Andr...

9.3CVSS7.2AI score0.00908EPSS

Cvelist•added 2017/02/08 3:0 p.m.•23 views

CVE-2017-0429

7.3AI score0.00908EPSS

CVE•added 2017/02/08 3:0 p.m.•83 views

CVE-2017-0428

CVE-2017-0428 describes an elevation-of-privilege in the NVIDIA GPU driver that could allow a local malicious application to execute arbitrary code in kernel context on Android devices with Kernel-3.10. The Android entry notes an Android ID (A-32401526) and flags the issue as critical due to pote...

9.3CVSS7.2AI score0.00908EPSS

Cvelist•added 2017/02/08 3:0 p.m.•29 views

CVE-2017-0428

7.3AI score0.00908EPSS