Vulnerabilities > Nvidia

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2017-0308 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges.
local
low complexity
nvidia CWE-119
8.8
2016-12-16 CVE-2016-8827 Path Traversal vulnerability in Nvidia Geforce Experience
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
network
low complexity
nvidia CWE-22
6.5
2016-12-16 CVE-2016-8826 Resource Management Errors vulnerability in Nvidia GPU Driver
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service.
local
low complexity
nvidia CWE-399
5.5
2016-12-16 CVE-2016-8825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-119
7.8
2016-12-16 CVE-2016-8824 Improper Access Control vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges.
local
low complexity
nvidia CWE-284
7.8
2016-12-16 CVE-2016-8823 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges
local
low complexity
nvidia CWE-119
7.8
2016-12-16 CVE-2016-8822 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-20
7.8
2016-12-16 CVE-2016-8821 Improper Access Control vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.
local
low complexity
nvidia CWE-284
7.8
2016-12-16 CVE-2016-8820 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.
local
low complexity
nvidia CWE-20
6.1
2016-12-16 CVE-2016-8819 Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.
local
low complexity
nvidia CWE-775
7.8