#VU11794 Improper access control in NVIDIA Windows GPU Display Driver - CVE-2018-6252
Published: April 12, 2018
Vulnerability identifier: #VU11794
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6252
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
NVIDIA Windows GPU Display Driver
NVIDIA Windows GPU Display Driver
Software vendor:
nVidia
nVidia
Description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to an access to restricted functionality that is unnecessary for production usage. A local attacker can cause the service to crash.
The weakness exists in the kernel mode layer handler for DxgkDdiEscape due to an access to restricted functionality that is unnecessary for production usage. A local attacker can cause the service to crash.
Remediation
Install update from vendor's website.