#VU6764 Incorrect calculation in nVidia products - CVE-2017-0342
Published: May 26, 2017 / Updated: May 26, 2017
Vulnerability identifier: #VU6764
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-0342
CWE-ID: CWE-682
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
NVIDIA Windows GPU Display Driver
Quandro
NVS
Tesla
NVIDIA Windows GPU Display Driver
Quandro
NVS
Tesla
Software vendor:
nVidia
nVidia
Description
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler due to incorrect calculation. A local attacker can provide a specially crafted input, trigger invalid address access and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
The weakness exists in the kernel mode layer (nvlddmkm.sys) handler due to incorrect calculation. A local attacker can provide a specially crafted input, trigger invalid address access and cause denial of service or potentially escalate privileges.
Successful exploitation of the vulnerability may result in full access to the system.
Remediation
Install update from vendor's website.