Multiple vulnerabilities in NVIDIA GPU Display Driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2017-0341 CVE-2017-0342 CVE-2017-0343 CVE-2017-0344 CVE-2017-0345 CVE-2017-0346 CVE-2017-0347 CVE-2017-0348 CVE-2017-0349 CVE-2017-0350 CVE-2017-0351 CVE-2017-0352 CVE-2017-0353 CVE-2017-0354 CVE-2017-0355 |
| CWE-ID | CWE-20 CWE-682 CWE-362 CWE-264 CWE-125 CWE-119 CWE-476 CWE-284 CWE-413 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #14 is available. Public exploit code for vulnerability #15 is available. |
| Vulnerable software Subscribe |
NVIDIA Windows GPU Display Driver Client/Desktop applications / Virtualization software Quandro Client/Desktop applications / Multimedia software NVS Client/Desktop applications / Multimedia software Tesla Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | nVidia |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU6725
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0341
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input, trigger an access to a pointer that has not been initialized and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Incorrect calculation
EUVDB-ID: #VU6764
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0342
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler due to incorrect calculation. A local attacker can provide a specially crafted input, trigger invalid address access and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Race condition
EUVDB-ID: #VU6765
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0343
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler due to lack of synchronization in two functions. A local attacker can provide a specially crafted input, trigger a race condition and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Privilege escalation
EUVDB-ID: #VU6766
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-0344
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due improper access control. A local attacker can provide a specially crafted input, gain access to arbitrary physical memory and gain root privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU6767
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0345
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input used as an array size, trigger out-of-bound access in kernel memory and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Memory corruption
EUVDB-ID: #VU6768
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0346
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to boundary error. A local attacker can provide a specially crafted input, trigger memory corruption and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Null pointer dereference
EUVDB-ID: #VU6769
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0347
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to insufficient validation of user-supplied input. A local attacker can provide a specially crafted value that is used as an index to an array, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Null pointer dereference
EUVDB-ID: #VU6770
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0348
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Null pointer dereference
EUVDB-ID: #VU6771
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0349
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Null pointer dereference
EUVDB-ID: #VU6772
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0350
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer handler due to improper validation of a value passed from a user to the driver. A local attacker can provide a specially crafted value that is used in an offset calculation, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Null pointer dereference
EUVDB-ID: #VU6773
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0351
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer handler due to improper validation of user supplied data. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Privilege escalation
EUVDB-ID: #VU6774
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-0352
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the GPU firmware due improper access control. A local attacker can run CPU software, gain access to sensitive GPU control registers and gain root privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Denial of service
EUVDB-ID: #VU6775
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0353
CWE-ID:
CWE-413 - Improper Resource Locking
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer handler for DxgDdiEscape due to improper locking of resource. A local attacker can provide a specially crafted input and cause the application to crash.
Successful exploitation of the vulnerability may result in denial of service.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Denial of service
EUVDB-ID: #VU6776
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0354
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to improper validation of user supplied data. A local attacker can make a call to certain functions requiring lower IRQL under raised IRQL and cause the target application to crash.
Successful exploitation of the vulnerability may result in denial of service.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Denial of service
EUVDB-ID: #VU6777
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-0355
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to improper validation of user supplied data. A local attacker can provide a specially crafted input, gain access to paged memory while holding a spin lock and cause the target application to crash.
Successful exploitation of the vulnerability may result in denial of service.
Install update from vendor's website.
NVIDIA Windows GPU Display Driver: 304 - 375.63
Quandro: 340 - 367
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
