Denial of Service in Quandro and NVIDIA Windows GPU Display Driver - CVE-2016-4961
Published: October 3, 2016 / Updated: October 6, 2016
Vulnerability identifier: #VU722
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4961
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
Quandro
NVIDIA Windows GPU Display Driver
Quandro
NVIDIA Windows GPU Display Driver
Detailed vulnerability description
The vulnerability allows a local authenticated attacker to trigger DoS conditions on a target system.
The weakness is caused by improper input validation in NVStreamKMS.sys API layer. By impying specially crafted parameters a malicious user can bypass security limitations and crash the vulnerable service.
Successful exploitation of the vulnerability may result in denial of service on the affected system.
The weakness is caused by improper input validation in NVStreamKMS.sys API layer. By impying specially crafted parameters a malicious user can bypass security limitations and crash the vulnerable service.
Successful exploitation of the vulnerability may result in denial of service on the affected system.
How to mitigate CVE-2016-4961
Install updates from vendor's website.