Multiple vulnerabilities in NVIDIA drivers



Published: 2016-08-22
Risk: Low
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2016-5852, CVE-2016-4959, CVE-2016-3161, CVE-2016-4961, CVE-2016-5025, CVE-2016-4960
CWE-ID: CWE-264, CWE-476, CWE-20
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #6 is available.
Vulnerable software
NVS
Client/Desktop applications / Multimedia software

Quadro
Client/Desktop applications / Multimedia software

NVIDIA Windows GPU Display Driver
Client/Desktop applications / Virtualization software

Vendor: nVidia

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

Multiple vulnerabilities were discovered in NVIDIA drivers, which can lead to a system crash and privilege escalation.

1) Privilege Escalation

EUVDB-ID: #VU760

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-5852

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local authenticated user to obtain elevated privileges on the target system.

The vulnerability exists due to improper input validation in the GFE GameStream and NVTray Plugin components. A local user can bypass security restrictions and obtain elevated privileges on the system.

Successful exploitation of this vulnerability allows the local attacker to obtain elevated privileges on the vulnerable system and execute arbitrary code.

Mitigation

NVIDIA has released software updates at the following links: GeForce, NVS, or Quadro

Vulnerable software versions

NVS: 340 - 367

Quadro: 340 - 367

NVIDIA Windows GPU Display Driver: 340 - 367

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU759

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-4959

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to cause DoS conditions on the target system.
The weakness is caused by improper input validation in the Remote Desktop component. Attackers can trigger a blue screen crash and a kernel NULL pointer dereference.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

Mitigation

NVIDIA has released software updates at the following links: GeForce, NVS, or Quadro

Vulnerable software versions

Quadro: 340 - 367

NVIDIA Windows GPU Display Driver: 340 - 367

NVS: 340 - 367

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Privilege Escalation

EUVDB-ID: #VU726

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-3161

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description


Mitigation

NVIDIA has released software updates at the following links: GeForce, NVS, or Quadro

Vulnerable software versions

Quadro: 340 - 367

NVIDIA Windows GPU Display Driver: 340 - 367

NVS: 340 - 367

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of Service

EUVDB-ID: #VU722

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4961

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to trigger DoS conditions on a target system.
The weakness is caused by improper input validation in the NVStreamKMS.sys API layer. By supplying specially crafted parameters, a malicious user can bypass security limitations and crash the vulnerable service.
Successful exploitation of the vulnerability may result in denial of service on the affected system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Quadro: 340 - 367

NVIDIA Windows GPU Display Driver: 340 - 367

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of Service

EUVDB-ID: #VU721

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-5025

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to trigger DoS conditions on a target system.
The weakness is caused by improper input validation in the NVAPI support layer. By supplying specially crafted data, a malicious user can bypass security limitations and crash the vulnerable service.
Successful exploitation of the vulnerability may result in denial of service on the affected system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

NVS: 340 - 367

NVIDIA Windows GPU Display Driver: 340 - 367

Quadro: 340 - 367

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Privilege escalation

EUVDB-ID: #VU720

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2016-4960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to obtain elevated privileges.

The vulnerability exists due to improper input validation in the NVIDIA NVStreamKMS.sys service component. By supplying specially crafted data, a local user can bypass security limitations and obtain elevated privileges on the system.

Successful exploitation of this vulnerability allows the local attacker to obtain elevated privileges on the vulnerable system and compromise the system completely.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Quadro: 340 - 367

NVIDIA Windows GPU Display Driver: 340 - 367

NVS: 340 - 367

External links

http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
