ID CVE-2016-8815
Summary All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*
    cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 24-12-2016 - 02:59)
Impact:
Exploitability:
CWE CWE-129
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 95053
confirm http://nvidia.custhelp.com/app/answers/detail/a_id/4257
Last major update 24-12-2016 - 02:59
Published 16-12-2016 - 21:59
Last modified 24-12-2016 - 02:59
Back to Top