CVE-2016-7381

Опубликовано: 08 нояб. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges.

Ссылки

http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Patch
Vendor Advisory
http://www.securityfocus.com/bid/94172
Third Party Advisory
VDB Entry
https://support.lenovo.com/us/en/solutions/LEN-10822
Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Patch
Vendor Advisory
http://www.securityfocus.com/bid/94172
Third Party Advisory
VDB Entry
https://support.lenovo.com/us/en/solutions/LEN-10822
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*

Версия от 340 (включая) до 342.00 (исключая)

cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*

Версия от 375 (включая) до 375.63 (исключая)

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-5222-6r5w-7p42