ID CVE-2018-6249
Summary NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.
References
Vulnerable Configurations
  • NVIDIA GPU Driver
    cpe:2.3:a:nvidia:gpu_driver
  • FreeBSD
    cpe:2.3:o:freebsd:freebsd
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • cpe:2.3:o:oracle:solaris
    cpe:2.3:o:oracle:solaris
CVSS
Base: 7.2
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family Misc.
    NASL id NVIDIA_UNIX_CVE_2018_6248.NASL
    description The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 111106
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111106
    title NVIDIA Linux GPU Display Driver Multiple Vulnerabilities
  • NASL family Windows
    NASL id NVIDIA_WIN_CVE_2018_6248.NASL
    description The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 111107
    published 2018-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111107
    title NVIDIA Linux GPU Display Driver Multiple Vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-991.NASL
    description NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. (CVE-2018-6247) NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges. (CVE-2018-6248) NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. (CVE-2018-6249) NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs, which may lead to denial of service or possible escalation of privileges. (CVE-2018-6250) NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution. (CVE-2018-6251) NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary for production usage, and which may result in denial of service. (CVE-2018-6252) NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service. (CVE-2018-6253)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 108852
    published 2018-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108852
    title Amazon Linux AMI : nvidia (ALAS-2018-991)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3662-1.NASL
    description It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110226
    published 2018-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110226
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : nvidia-graphics-drivers-384 vulnerabilities (USN-3662-1)
refmap via4
confirm http://nvidia.custhelp.com/app/answers/detail/a_id/4649
ubuntu USN-3662-1
Last major update 02-04-2018 - 12:29
Published 02-04-2018 - 12:29
Last modified 30-05-2018 - 21:29
Back to Top