SB2017052603 - Multiple vulnerabilities in NVIDIA GPU Display Driver
Published: May 26, 2017
Security Bulletin ID
SB2017052603
Severity
Low
Patch available
YES
Number of vulnerabilities
15
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2017-0341)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input, trigger an access to a pointer that has not been initialized and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
2) Incorrect calculation (CVE-ID: CVE-2017-0342)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler due to incorrect calculation. A local attacker can provide a specially crafted input, trigger invalid address access and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
3) Race condition (CVE-ID: CVE-2017-0343)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler due to lack of synchronization in two functions. A local attacker can provide a specially crafted input, trigger a race condition and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
4) Privilege escalation (CVE-ID: CVE-2017-0344)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due improper access control. A local attacker can provide a specially crafted input, gain access to arbitrary physical memory and gain root privileges.
Successful exploitation of the vulnerability may result in full access to the system.
5) Out-of-bounds read (CVE-ID: CVE-2017-0345)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input used as an array size, trigger out-of-bound access in kernel memory and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
6) Memory corruption (CVE-ID: CVE-2017-0346)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to boundary error. A local attacker can provide a specially crafted input, trigger memory corruption and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
7) Null pointer dereference (CVE-ID: CVE-2017-0347)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to insufficient validation of user-supplied input. A local attacker can provide a specially crafted value that is used as an index to an array, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
8) Null pointer dereference (CVE-ID: CVE-2017-0348)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
9) Null pointer dereference (CVE-ID: CVE-2017-0349)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper input validation. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
10) Null pointer dereference (CVE-ID: CVE-2017-0350)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer handler due to improper validation of a value passed from a user to the driver. A local attacker can provide a specially crafted value that is used in an offset calculation, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
11) Null pointer dereference (CVE-ID: CVE-2017-0351)
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists in the kernel mode layer handler due to improper validation of user supplied data. A local attacker can provide a specially crafted input, trigger NULL pointer dereference and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
12) Privilege escalation (CVE-ID: CVE-2017-0352)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the GPU firmware due improper access control. A local attacker can run CPU software, gain access to sensitive GPU control registers and gain root privileges.
Successful exploitation of the vulnerability may result in full access to the system.
13) Denial of service (CVE-ID: CVE-2017-0353)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists in the kernel mode layer handler for DxgDdiEscape due to improper locking of resource. A local attacker can provide a specially crafted input and cause the application to crash.
Successful exploitation of the vulnerability may result in denial of service.
14) Denial of service (CVE-ID: CVE-2017-0354)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to improper validation of user supplied data. A local attacker can make a call to certain functions requiring lower IRQL under raised IRQL and cause the target application to crash.
Successful exploitation of the vulnerability may result in denial of service.
15) Denial of service (CVE-ID: CVE-2017-0355)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to improper validation of user supplied data. A local attacker can provide a specially crafted input, gain access to paged memory while holding a spin lock and cause the target application to crash.
Successful exploitation of the vulnerability may result in denial of service.
Remediation
Install update from vendor's website.