Multiple vulnerabilities in NVIDIA Windows GPU Display Driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2018-6247 CVE-2018-6253 CVE-2018-6252 CVE-2018-6251 CVE-2018-6250 CVE-2018-6248 CVE-2018-6249 |
| CWE-ID | CWE-476 CWE-835 CWE-284 CWE-787 CWE-805 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
NVIDIA Windows GPU Display Driver Client/Desktop applications / Virtualization software |
| Vendor | nVidia |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU11792
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6247
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to NULL pointer dereference. A local attacker can gain root privileges.
Install update from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: All versions
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Infinite loop
EUVDB-ID: #VU11793
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6253
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the DirectX and OpenGL Usermode drivers due to infinite loop. A local attacker can submit a specially crafted pixel shader and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: All versions
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU11794
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6252
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to an access to restricted functionality that is unnecessary for production usage. A local attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: All versions
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU11795
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6251
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the DirectX 10 Usermode driver due to writing to unallocated memory. A local attacker can submit a specially crafted pixel shader, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: All versions
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU11796
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6250
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape due to NULL pointer dereference. A local attacker can gain root privileges.
Install update from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: All versions
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer access with incorrect length value
EUVDB-ID: #VU11797
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6248
CWE-ID:
CWE-805 - Buffer Access with Incorrect Length Value
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to buffer access with incorrect length value. A local attacker can cause the service to crash or gain root privileges.
Install update from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: All versions
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU11798
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6249
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in kernel mode layer handler due to NULL pointer dereference. A local attacker can cause the service to crash or gain root privileges.
Install update from vendor's website.
Vulnerable software versionsNVIDIA Windows GPU Display Driver: All versions
External linkshttp://nvidia.custhelp.com/app/answers/detail/a_id/4649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
