Denial of service in nVidia NVS
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-8812 |
| CWE-ID | CWE-121 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
NVS Client/Desktop applications / Multimedia software Quadro Client/Desktop applications / Multimedia software GeForce driver for Windows Client/Desktop applications / Multimedia software GeForce Experience Client/Desktop applications / Other client software |
| Vendor | nVidia |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Denial of service
EUVDB-ID: #VU1128
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-8812
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to cause D0S condition or obtain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvstreamkms.sys). By specially crafted executable paths a local attacker can trigger a stack buffer overflow, leading to a denial of service or escalation of privileges.
Successful exploitation of the vulnerability may result in denial of service or privilege escalation.
Mitigation
Update to version 2.11.4.125, 3.1.0.52.
Vulnerable software versionsNVS: 340 - 375.63
Quadro: 340 - 375.63
GeForce driver for Windows: 375 - 375.63
GeForce Experience: 2.11.4.125 - 375
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4247
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
