Denial of Service in nVidia products - CVE-2016-5025
Published: October 3, 2016 / Updated: October 6, 2016
Vulnerability identifier: #VU721
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5025
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
NVS
Quandro
NVIDIA Windows GPU Display Driver
NVS
Quandro
NVIDIA Windows GPU Display Driver
Detailed vulnerability description
The vulnerability allows a local authenticated attacker to trigger DoS conditions on a target system.
The weakness is caused by improper input validation in NVAPI support layer. By impying specially crafted data a malicious user can bypass security limitations and crash the vulnerable service.
Successful exploitation of the vulnerability may result in denial of service on the affected system.
The weakness is caused by improper input validation in NVAPI support layer. By impying specially crafted data a malicious user can bypass security limitations and crash the vulnerable service.
Successful exploitation of the vulnerability may result in denial of service on the affected system.
How to mitigate CVE-2016-5025
Install updates from vendor's website.