CVE-2017-0345

HIGH

NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via DxgDdiEscape Array Index Validation

Title source: llm
STIX 2.1

Description

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4462

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 12.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-129
Status published
Products (2)
nvidia/gpu_driver
Nvidia Corporation/GPU Display Driver All versions
Published May 09, 2017
Tracked Since Feb 18, 2026