CVE-2016-7391

Опубликовано: 08 нояб. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel memory, leading to denial of service or potential escalation of privileges.

Ссылки

http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Patch
Vendor Advisory
http://www.securityfocus.com/bid/93987
Third Party Advisory
VDB Entry
https://support.lenovo.com/us/en/solutions/LEN-10822
Third Party Advisory
https://www.exploit-db.com/exploits/40661/
Third Party Advisory
VDB Entry
http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Patch
Vendor Advisory
http://www.securityfocus.com/bid/93987
Third Party Advisory
VDB Entry
https://support.lenovo.com/us/en/solutions/LEN-10822
Third Party Advisory
https://www.exploit-db.com/exploits/40661/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*

Версия от 340 (включая) до 342.00 (исключая)

cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*

Версия от 375 (включая) до 375.63 (исключая)

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00379

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-ff56-g4x9-jf3x