Multiple vulnerabilities in NVIDIA GPU Display Driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2017-6251 CVE-2017-6252 CVE-2017-6253 CVE-2017-6254 CVE-2017-6255 CVE-2017-6259 CVE-2017-6257 CVE-2017-6256 CVE-2017-6260 |
| CWE-ID | CWE-264 CWE-476 CWE-119 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. |
| Vulnerable software Subscribe |
GeForce driver for Windows Client/Desktop applications / Multimedia software NVS Client/Desktop applications / Multimedia software Tesla Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | nVidia |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU7609
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6251
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer handler due to improper permissions check. A local attacker can gain access to arbitrary physical system memory and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Privilege escalation
EUVDB-ID: #VU7610
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6252
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer handler due to NULL pointer dereference. A local attacker can cause the system to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Privilege escalation
EUVDB-ID: #VU7611
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6253
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to boundary error. A local attacker can cause the system to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Privilege escalation
EUVDB-ID: #VU7612
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6254
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to improper validation of the pointer passed from a user to the driver. A local attacker can cause the system to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Privilege escalation
EUVDB-ID: #VU7613
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6255
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to an error when handling user-supplied parameter. A local attacker can cause the system to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Denial of service
EUVDB-ID: #VU7614
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6259
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer helper function due to incorrect detection and recovery from an invalid state. A remote attacker can perform specific actions and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Privilege escalation
EUVDB-ID: #VU7615
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6257
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer handler due to NULL pointer dereference. A local attacker can cause the system to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update GeForce, Quadro and NVS to version 375.82, 384.59.
Update Tesla to version 375.74, 384.59.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Privilege escalation
EUVDB-ID: #VU7616
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6256
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to improper input validation. A local attacker can pass specially crafted values to the driver cause the system to use it as the index to an array, trigger system crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Denial of service
EUVDB-ID: #VU7617
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6260
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to incorrect calculation of string length. A local attacker can cause the system to crash.
Successful exploitation of the vulnerability may result in denial of service.
Update GeForce to version 384.94.
Update Quadro, NVS and Tesla to version 377.55, 385.08.
GeForce driver for Windows: 304 - 375.63
NVS: 304 - 375.63
Tesla: 361.93 - 367.55
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4525
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
