NVIDIA Graphics Driver 340.x < 341.96 / 352.x < 354.99 / 361.x < 362.77 / 367.x < 368.39 Multiple Vulnerabilities

high Nessus Plugin ID 93912

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The version of the NVIDIA graphics driver installed on the remote Windows host is 340.x prior to 341.96, 352.x prior to 354.99, 361.x prior to 362.77, or 367.x prior to 368.39. It is, therefore, affected by multiple vulnerabilities:

- A privilege escalation vulnerability exists in GFE GameStream due to an unquoted search path. A local attacker can exploit this, via a malicious executable in the root path, to elevate privileges. (CVE-2016-3161)

- A denial of service vulnerability exists due to a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this to cause a crash. (CVE-2016-4959)

- A privilege escalation vulnerability exists in the NVStreamKMS.sys driver due to improper sanitization of user-supplied data passed via API entry points. A local attacker can exploit this to gain elevated privileges. (CVE-2016-4960)

- A denial of service vulnerability exists in the NVStreamKMS.sys driver due to improper handling of parameters. An unauthenticated, remote attacker can exploit this to cause a crash. (CVE-2016-4961)

- A denial of service vulnerability exists in the NVAPI support layer due to improper sanitization of parameters. An unauthenticated, remote attacker can exploit this to cause a crash. (CVE-2016-5025)

- A privilege escalation vulnerability exists in the NVTray plugin due to an unquoted search path. A local attacker can exploit this, via a malicious executable in the root path, to elevate privileges. (CVE-2016-5852)

Note that CVE-2016-3161, CVE-2016-4960, CVE-2016-4961, and CVE-2016-5852 only affect systems that also have GeForce Experience software installed.
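The following is an added example, not the Nessus plugin's own logic: a triage helper that applies the branch ranges and the GeForce Experience note above to a driver inventory. It assumes driver versions arrive either as NVIDIA release numbers (`368.39`) or in the four-part Windows form (`10.18.13.6839`); the function names and the inventory rows are constructed for illustration.

```python
# Added example: constructed data, not the Nessus plugin's own logic.
# (first affected, first fixed) release per branch, from the description above.
BRANCHES = [((340, 0), (341, 96)), ((352, 0), (354, 99)),
            ((361, 0), (362, 77)), ((367, 0), (368, 39))]
ALWAYS = ["CVE-2016-4959", "CVE-2016-5025"]
# Per the note above, these four apply only when GeForce Experience is installed.
GFE_ONLY = ["CVE-2016-3161", "CVE-2016-4960", "CVE-2016-4961", "CVE-2016-5852"]


def nvidia_version(raw):
    """Parse '368.39' or a Windows-style '10.18.13.6839' into (major, minor)."""
    parts = raw.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a version string: {raw!r}")
    if len(parts) == 2:
        return int(parts[0]), int(parts[1])
    if len(parts) == 4:
        # Assumption: the last five digits of the Windows driver version,
        # read as XXX.YY, are the NVIDIA release (13.6839 -> 368.39).
        digits = (parts[2] + parts[3].zfill(4))[-5:]
        return int(digits[:3]), int(digits[3:])
    raise ValueError(f"unrecognised driver version: {raw!r}")


def assess(raw, gfe_installed):
    """Return the CVEs from this advisory that apply, or [] if out of range."""
    ver = nvidia_version(raw)
    if not any(low <= ver < fixed for low, fixed in BRANCHES):
        return []
    return sorted(ALWAYS + (GFE_ONLY if gfe_installed else []))


# Constructed inventory rows: (host, driver version, GeForce Experience present).
INVENTORY = [
    ("ws-01", "10.18.13.6839", True),   # 368.39, fixed release
    ("ws-02", "10.18.13.6822", False),  # 368.22, affected, no GFE
    ("ws-03", "9.18.13.4192", True),    # 341.92, affected, GFE present
]

if __name__ == "__main__":
    for host, version, gfe in INVENTORY:
        cves = assess(version, gfe)
        release = "%d.%02d" % nvidia_version(version)
        print(host, release, ", ".join(cves) if cves else "not in affected range")
```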

Solution

Upgrade the NVIDIA graphics driver to version 341.96 / 354.99 / 362.77 / 368.39 or later. Alternatively, for CVE-2016-4959, apply the mitigation referenced in the vendor advisory.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/4213

Plugin Details

Severity: High

ID: 93912

File Name: nvidia_win_cve_2016_4959.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 10/7/2016

Updated: 4/5/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-5852

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:nvidia:gpu_driver

Required KB Items: WMI/DisplayDrivers/NVIDIA, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 8/11/2016

Reference Information

CVE: CVE-2016-3161, CVE-2016-4959, CVE-2016-4960, CVE-2016-4961, CVE-2016-5025, CVE-2016-5852