Denial of service in nVidia products - CVE-2017-0355
Published: May 26, 2017
Vulnerability identifier: #VU6777
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-0355
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
NVIDIA Windows GPU Display Driver
Quandro
NVS
Tesla
NVIDIA Windows GPU Display Driver
Quandro
NVS
Tesla
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to improper validation of user supplied data. A local attacker can provide a specially crafted input, gain access to paged memory while holding a spin lock and cause the target application to crash.
Successful exploitation of the vulnerability may result in denial of service.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to improper validation of user supplied data. A local attacker can provide a specially crafted input, gain access to paged memory while holding a spin lock and cause the target application to crash.
Successful exploitation of the vulnerability may result in denial of service.
How to mitigate CVE-2017-0355
Install update from vendor's website.