Vulnerabilities > Nvidia > GPU Driver
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-08 | CVE-2016-7384 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges. | 7.2 |
| 2016-11-08 | CVE-2016-7383 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges. | 6.1 |
| 2016-11-08 | CVE-2016-7382 | Permission Issues vulnerability in Nvidia GPU Driver For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges. | 7.2 |
| 2016-11-08 | CVE-2016-7381 | Permissions, Privileges, and Access Controls vulnerability in Nvidia GPU Driver For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges. | 7.2 |
| 2016-11-08 | CVE-2016-5025 | Improper Input Validation vulnerability in Nvidia GPU Driver For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. | 6.1 |
| 2016-11-08 | CVE-2016-4959 | NULL Pointer Dereference vulnerability in Nvidia GPU Driver For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. | 7.8 |
| 2015-11-24 | CVE-2015-8328 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. | 6.6 |
| 2015-11-24 | CVE-2015-7869 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. | 6.6 |
| 2015-11-24 | CVE-2015-7866 | Unspecified vulnerability in Nvidia GPU Driver Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe. | 7.2 |
| 2015-11-24 | CVE-2015-7865 | Improper Access Control vulnerability in Nvidia GPU Driver nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. | 7.7 |