Denial of service in nVidia products - CVE-2016-4959
Published: October 5, 2016 / Updated: October 6, 2016
Vulnerability identifier: #VU759
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-4959
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
Quandro
NVS
NVIDIA Windows GPU Display Driver
Quandro
NVS
NVIDIA Windows GPU Display Driver
Detailed vulnerability description
The vulnerability allows a remote user to cause DoS conditions on the target system.
The weakness is caused by improper input validation in Remote Desktop component. Attackers can trigger a blue screen crash and kernel null pointer dereference.
Successful exploitations of the vulnerability may result in denial of service on the vulnerable system.
The weakness is caused by improper input validation in Remote Desktop component. Attackers can trigger a blue screen crash and kernel null pointer dereference.
Successful exploitations of the vulnerability may result in denial of service on the vulnerable system.
How to mitigate CVE-2016-4959
NVIDIA has released software updates at the following link: Geforce, NVS, or Quadro