Privilege escalation in nVidia products - CVE-2016-4960

 


Published: October 4, 2016 / Updated: October 6, 2016


Vulnerability identifier: #VU720
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2016-4960
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
Quadro
NVS
NVIDIA Windows GPU Display Driver

Detailed vulnerability description

The vulnerability allows a local authenticated user to obtain elevated privileges.

The vulnerability exists due to improper input validation in the NVIDIA NVStreamKMS.sys service component. By supplying specially crafted data, a local user can bypass security limitations and obtain elevated privileges on the system.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system and compromise the system completely.


How to mitigate CVE-2016-4960

Install updates from the vendor's website.

Sources