Description
For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-10822
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94177
Patch, Vendor Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4246
Patch, Vendor Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
15.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-275
Status
published
Products (7)
n/a/Quadro, NVS, GeForce, and Tesla (all versions)
Quadro, NVS, GeForce, and Tesla (all versions)
nvidia/gpu_driver
304.131
nvidia/gpu_driver
340.98
nvidia/gpu_driver
361.93.02
nvidia/gpu_driver
367.44
nvidia/gpu_driver
367.54
nvidia/gpu_driver
370.23
Published
Nov 08, 2016
Tracked Since
Feb 18, 2026