Security Bulletin: Windows Privilege Impersonation Check affects NVIDIA Windows Device Driver for use on NVIDIA PCIe cards installed in System x servers (CVE-2015-1170)

Summary The NVIDIA Windows Server 2008 and 2008 R2 Display Driver's kernel administrator check improperly validates local client impersonation levels in some cases when using the NVIDIA Windows Device Driver for use on NVIDIA PCIe cards installed in System x Servers. NVIDIA's PCIe cards are...

CVE-2016-8810

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x100009a where a value passed from an user to the driver is used without...

Stack overflow

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without...

Design/Logic Flaw

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x700010d where a value passed from a user to the driver is used without...

Input validation

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial ...

Design/Logic Flaw

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x5000027 where a pointer passed from an user to the driver is used without...

Design/Logic Flaw

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x7000014 where a value passed from an user to the driver is used without...

CVE-2016-7389

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R36193 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer nvidia.ko handler for mmap where improper inpu...

CVE-2016-7384

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of...

CVE-2016-8808

CVE-2016-8808 affects NVIDIA Windows GPU Display Driver on Quadro, NVS, and GeForce Windows systems. The vulnerability lies in the kernel-mode driver nvlddmkm.sys in the DxgDdiEscape handler, where an input value from user space is used as an index into an internal array without proper validation...

CVE-2016-7381

Summary (CVE-2016-7381 family) : NVIDIA Windows GPU Display Driver on Quadro, NVS, and GeForce (drivers in the 340.x/341.x/342.x line before 342.00 and 375.x before 375.63) contains a vulnerability in the kernel-mode nvlddmkm.sys handling of DxgDdiEscape where an input value used to index an inte...

CVE-2016-7383

CVE-2016-7383 affects NVIDIA Windows GPU Display Driver (nvlddmkm.sys) in Quadro/NVS/GeForce on Windows. The vulnerability is in a memory-mapping API handler in the kernel-mode layer, enabling denial of service or potential privilege escalation. It is associated with driver versions: R340 before ...

CVE-2016-8811

CVE-2016-8811 affects NVIDIA Windows GPU Display Driver (nvlddmkm.sys) in Quadro/NVS/GeForce lines. The kernel-mode handler for DxgDdiEscape 0x7000170 does not validate input buffer size, enabling denial of service or potential privilege escalation. Public references describe multiple related iss...

CVE-2016-7390

CVE-2016-7390 affects NVIDIA Windows GPU Display Driver (nvlddmkm.sys) for Quadro/NVS/GeForce. The kernel-mode DxgDdiEscape handler for ID 0x7000194 uses a user-supplied value as an index into an internal array without validation, enabling denial of service or potential privilege escalation. Affe...

CVE-2016-8808

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without...

CVE-2016-8805

CVE-2016-8805 affects NVIDIA Windows GPU Display Driver in the kernel mode layer (nvlddmkm.sys) for Quadro, NVS, and GeForce on Windows. The vulnerability arises from DxgDdiEscape ID 0x7000014 using a value from user input as an index into an internal array without validation, enabling denial of ...

CVE-2016-8809

CVE-2016-8809 affects NVIDIA Windows GPU Display Driver (Quadro/NVS/GeForce) with vulnerable nvlddmkm.sys DxgDdiEscape handler for 0x70001b2 where the input buffer size is not validated, enabling local denial of service or privilege escalation. Affected driver lines include NVIDIA Windows Display...

CVE-2016-7381

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of...

NVIDIA GPU graphics driver R340 and R352 Kernel Mode Driver layer kernel driver elevation of privilege vulnerability

NVIDIA GPU graphics driver R340 and R352 are both graphics processor GPU drivers for the R340 and R352 series from NVIDIA. A security vulnerability exists in the Escape interface in the Kernel Mode Driver layer of the NVIDIA GPU graphics driver R340 prior to version 341.95 and R352 prior to versi...

Design/Logic Flaw

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service crash, or possibly gain privileges via unspecified vectors,...