Privilege escalation in nVidia products - CVE-2017-0352
Published: May 26, 2017
Vulnerability identifier: #VU6774
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-0352
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
NVIDIA Windows GPU Display Driver
Quandro
NVS
Tesla
NVIDIA Windows GPU Display Driver
Quandro
NVS
Tesla
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the GPU firmware due improper access control. A local attacker can run CPU software, gain access to sensitive GPU control registers and gain root privileges.
Successful exploitation of the vulnerability may result in full access to the system.
The weakness exists in the GPU firmware due improper access control. A local attacker can run CPU software, gain access to sensitive GPU control registers and gain root privileges.
Successful exploitation of the vulnerability may result in full access to the system.
How to mitigate CVE-2017-0352
Install update from vendor's website.