Main Vulnerability Database Vulnerabilities #VU726

Privilege Escalation in nVidia products - CVE-2016-3161

Published: October 3, 2016 / Updated: October 6, 2016

Vulnerability identifier: #VU726

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-3161

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: nVidia

Affected software:
Quandro
NVS
NVIDIA Windows GPU Display Driver

Detailed vulnerability description

The vulnerability allows a local authenticated user to obtain elevated privileges on the target system.

The vulnerability exists due to improper input validation in GFE GameStream and NVTray Plugin. A local user can bypass security restrictions and obtain elevated privileges on the system.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on vulnerable system and compromise the system completely.

How to mitigate CVE-2016-3161

NVIDIA has released software updates at the following link: Geforce, NVS, or Quadro

Sources

http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%25

Privilege Escalation in nVidia products - CVE-2016-3161

Detailed vulnerability description

How to mitigate CVE-2016-3161

Sources

Please verify you're human