CVE-2016-8814 - All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (

CVE-2016-8814

Summary

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4257
http://www.securityfocus.com/bid/95054

Vulnerable Configurations

cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 24-12-2016 - 02:59)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	95054
confirm	http://nvidia.custhelp.com/app/answers/detail/a_id/4257

Last major update

24-12-2016 - 02:59

Published

16-12-2016 - 21:59

Last modified

24-12-2016 - 02:59