NVIDIA Windows GPU Display Driver 340.x < 342.01 / 375.x < 376.33 Multiple Vulnerabilities

high Nessus Plugin ID 96002

Synopsis

A display driver installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of the NVIDIA GPU display driver installed on the remote Windows host is 340.x prior to 342.01 or 375.x prior to 376.33. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper access controls. A local attacker can exploit this to access arbitrary memory and thereby gain elevated privileges. (CVE-2016-8821)

- A flaw exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape IDs 0x600000E, 0x600000F, and 0x6000010 due to improper validation of user-supplied input that is used as an index to an internal array. A local attacker can exploit this to corrupt memory, resulting in a denial of service condition or an escalation of privileges. (CVE-2016-8822)

- Multiple buffer overflow conditions exist in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper validation of an input buffer size. A local attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-8823, CVE-2016-8825)

- A flaw exists in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape due to improper access controls. A local attacker can exploit this to write to restricted portions of the registry and thereby gain elevated privileges. (CVE-2016-8824)

- A flaw exists in the nvlddmkm.sys driver that allows a local attacker to cause GPU interrupt saturation, resulting in a denial of service condition. (CVE-2016-8826)

Solution

Upgrade the NVIDIA graphics driver to version 342.01 / 376.33 or later.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/4278

Plugin Details

Severity: High

ID: 96002

File Name: nvidia_win_cve_2016_8826.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 12/21/2016

Updated: 4/5/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-8821

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:nvidia:gpu_driver

Required KB Items: WMI/DisplayDrivers/NVIDIA, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 12/9/2016

Vulnerability Publication Date: 12/9/2016

Reference Information

CVE: CVE-2016-8821, CVE-2016-8822, CVE-2016-8823, CVE-2016-8824, CVE-2016-8825, CVE-2016-8826

BID: 94918, 94956, 94957