Vulnerabilites related to nvidia - gpu_driver_r340
cve-2016-2558
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-05 23:32
Severity ?
Summary
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:32:20.876Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4061",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.lenovo.com/us/en/product_security/len_5551",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-04-12T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4061",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.lenovo.com/us/en/product_security/len_5551",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2558",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4061",
                     refsource: "CONFIRM",
                     url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4061",
                  },
                  {
                     name: "https://support.lenovo.com/us/en/product_security/len_5551",
                     refsource: "CONFIRM",
                     url: "https://support.lenovo.com/us/en/product_security/len_5551",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2558",
      datePublished: "2016-04-12T14:00:00",
      dateReserved: "2016-02-24T00:00:00",
      dateUpdated: "2024-08-05T23:32:20.876Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2557
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-05 23:32
Severity ?
Summary
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:32:20.799Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4060",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.lenovo.com/us/en/product_security/len_5551",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-04-12T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4060",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.lenovo.com/us/en/product_security/len_5551",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2557",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4060",
                     refsource: "CONFIRM",
                     url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4060",
                  },
                  {
                     name: "https://support.lenovo.com/us/en/product_security/len_5551",
                     refsource: "CONFIRM",
                     url: "https://support.lenovo.com/us/en/product_security/len_5551",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2557",
      datePublished: "2016-04-12T14:00:00",
      dateReserved: "2016-02-24T00:00:00",
      dateUpdated: "2024-08-05T23:32:20.799Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2556
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-05 23:32
Severity ?
Summary
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:32:20.961Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4059",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.lenovo.com/us/en/product_security/len_5551",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-04-12T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4059",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.lenovo.com/us/en/product_security/len_5551",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2556",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4059",
                     refsource: "CONFIRM",
                     url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4059",
                  },
                  {
                     name: "https://support.lenovo.com/us/en/product_security/len_5551",
                     refsource: "CONFIRM",
                     url: "https://support.lenovo.com/us/en/product_security/len_5551",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2556",
      datePublished: "2016-04-12T14:00:00",
      dateReserved: "2016-02-24T00:00:00",
      dateUpdated: "2024-08-05T23:32:20.961Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1170
Vulnerability from cvelistv5
Published
2015-03-06 23:00
Modified
2024-08-06 04:33
Severity ?
Summary
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:33:20.745Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "HPSBHF03272",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
               },
               {
                  name: "1032013",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1032013",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.lenovo.com/product_security/nvidia_windows_privilege",
               },
               {
                  name: "HPSBHF03271",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=142781493222653&w=2",
               },
               {
                  name: "SSRT101950",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://nvidia.custhelp.com/app/answers/detail/a_id/3634",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-02-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a \"kernel administrator check,\" which allows local users to gain administrator privileges via unspecified API calls.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-06T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "HPSBHF03272",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
            },
            {
               name: "1032013",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1032013",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.lenovo.com/product_security/nvidia_windows_privilege",
            },
            {
               name: "HPSBHF03271",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=142781493222653&w=2",
            },
            {
               name: "SSRT101950",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://nvidia.custhelp.com/app/answers/detail/a_id/3634",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-1170",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a \"kernel administrator check,\" which allows local users to gain administrator privileges via unspecified API calls.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "HPSBHF03272",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
                  },
                  {
                     name: "1032013",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1032013",
                  },
                  {
                     name: "https://support.lenovo.com/product_security/nvidia_windows_privilege",
                     refsource: "CONFIRM",
                     url: "https://support.lenovo.com/product_security/nvidia_windows_privilege",
                  },
                  {
                     name: "HPSBHF03271",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=142781493222653&w=2",
                  },
                  {
                     name: "SSRT101950",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
                  },
                  {
                     name: "https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege",
                     refsource: "CONFIRM",
                     url: "https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege",
                  },
                  {
                     name: "http://nvidia.custhelp.com/app/answers/detail/a_id/3634",
                     refsource: "CONFIRM",
                     url: "http://nvidia.custhelp.com/app/answers/detail/a_id/3634",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-1170",
      datePublished: "2015-03-06T23:00:00",
      dateReserved: "2015-01-17T00:00:00",
      dateUpdated: "2024-08-06T04:33:20.745Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2016-04-12 14:59
Modified
2024-11-21 02:48
Summary
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.
Impacted products
Vendor Product Version
microsoft windows *
nvidia gpu_driver_r340 431.61
nvidia gpu_driver_r352 353.82



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r340:431.61:*:*:*:*:*:*:*",
                     matchCriteriaId: "F00919CF-48E6-4D02-8064-BE2A620BA4AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r352:353.82:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFD87286-4E0C-40FA-AE67-B6DDB3F9B374",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.",
      },
      {
         lang: "es",
         value: "La interfaz Escape en la capa Kernel Mode Driver en el controlador gráfico NVIDIA GPU R340 en versiones anteriores a 341.95 y R352 en versiones anteriores a 354.74 en Windows permite a usuarios locales obtener información sensible, provocar una denegación de servicio (caída) u obtener privilegios a través de vectores no especificados relacionados con un puntero no fiable, lo que desencadena el acceso a memoria no inicializada o fuera de rango.",
      },
   ],
   id: "CVE-2016-2558",
   lastModified: "2024-11-21T02:48:41.620",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.5,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-12T14:59:15.043",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4061",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.lenovo.com/us/en/product_security/len_5551",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4061",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.lenovo.com/us/en/product_security/len_5551",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-03-06 23:59
Modified
2024-11-21 02:24
Severity ?
Summary
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r304:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC74053E-FBF0-4CF9-B2B9-437ABAE34D95",
                     versionEndIncluding: "309.07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r340:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25E2781B-1C6F-4943-A88D-9642F4D0E4D3",
                     versionEndIncluding: "341.43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r343:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C2353E8-A4E7-47E3-AB0C-6C6B013568A3",
                     versionEndIncluding: "345.19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r346:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B8DEF4C-8089-41FF-9587-C3B8A1329C61",
                     versionEndIncluding: "347.51",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a \"kernel administrator check,\" which allows local users to gain administrator privileges via unspecified API calls.",
      },
      {
         lang: "es",
         value: "NVIDIA Display Driver R304 anterior a 309.08, R340 anterior a 341.44, R343 anterior a 345.20, y R346 anterior a 347.52 no valida correctamente los niveles de suplantación de clientes locales cuando realiza la 'comprobación del administrador del kernel,' lo que permite a usuarios locales ganar privilegios de administrador a través de llamadas a la API no especificadas.",
      },
   ],
   id: "CVE-2015-1170",
   lastModified: "2024-11-21T02:24:48.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-03-06T23:59:02.263",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=142781493222653&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/3634",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1032013",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.lenovo.com/product_security/nvidia_windows_privilege",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=142781493222653&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=143013598825091&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/3634",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1032013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.lenovo.com/product_security/nvidia_windows_privilege",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-12 14:59
Modified
2024-11-21 02:48
Summary
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r340:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "79CD04B7-B8EF-40C8-A6C2-D7DB24E60B09",
                     versionEndIncluding: "431.61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r352:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A775B9A-4D7B-4BED-9E2E-45FB954BB33D",
                     versionEndIncluding: "353.82",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.",
      },
      {
         lang: "es",
         value: "La interfaz Escape en la capa Kernel Mode Driver en el controlador gráfico NVIDIA GPU R340 en versiones anteriores a 341.95 y R352 en versiones anteriores a 354.74 en Windows permite el acceso a funcionalidades restringidas de manera incorrecta, lo que permite a usuarios locales obtener privilegios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2016-2556",
   lastModified: "2024-11-21T02:48:41.323",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-12T14:59:13.153",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4059",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.lenovo.com/us/en/product_security/len_5551",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.lenovo.com/us/en/product_security/len_5551",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-12 14:59
Modified
2024-11-21 02:48
Summary
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.
Impacted products
Vendor Product Version
nvidia gpu_driver_r340 431.61
nvidia gpu_driver_r352 353.82
microsoft windows *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r340:431.61:*:*:*:*:*:*:*",
                     matchCriteriaId: "F00919CF-48E6-4D02-8064-BE2A620BA4AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nvidia:gpu_driver_r352:353.82:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFD87286-4E0C-40FA-AE67-B6DDB3F9B374",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.",
      },
      {
         lang: "es",
         value: "La interfaz Escape en la capa Kernel Mode Driver en el controlador gráfico NVIDIA GPU R340 en versiones anteriores a 341.95 y R352 en versiones anteriores a 354.74 en Windows permite a usuarios locales obtener información sensible de la memoria del kernel, provocar una denegación de servicio (caída) o posiblemente obtener privilegios a través de vectores no especificados, lo que desencadena el acceso a memoria no inicializada o fuera de rango.",
      },
   ],
   id: "CVE-2016-2557",
   lastModified: "2024-11-21T02:48:41.480",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.5,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-12T14:59:14.137",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4060",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.lenovo.com/us/en/product_security/len_5551",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4060",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.lenovo.com/us/en/product_security/len_5551",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}