Vulnerability Description
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Gpu Driver R304 | <= 309.07 |
| Nvidia | Gpu Driver R340 | <= 341.43 |
| Nvidia | Gpu Driver R343 | <= 345.19 |
| Nvidia | Gpu Driver R346 | <= 347.51 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=142781493222653&w=2
- http://marc.info/?l=bugtraq&m=143013598825091&w=2
- http://nvidia.custhelp.com/app/answers/detail/a_id/3634Vendor Advisory
- http://www.securitytracker.com/id/1032013
- https://support.lenovo.com/product_security/nvidia_windows_privilege
- https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege
- http://marc.info/?l=bugtraq&m=142781493222653&w=2
- http://marc.info/?l=bugtraq&m=143013598825091&w=2
- http://nvidia.custhelp.com/app/answers/detail/a_id/3634Vendor Advisory
- http://www.securitytracker.com/id/1032013
- https://support.lenovo.com/product_security/nvidia_windows_privilege
- https://support.lenovo.com/us/en/product_security/nvidia_windows_privilege
FAQ
What is CVE-2015-1170?
CVE-2015-1170 is a vulnerability with a CVSS score of 7.2 (HIGH). The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel admi...
How severe is CVE-2015-1170?
CVE-2015-1170 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1170?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Gpu Driver R304, Nvidia Gpu Driver R340, Nvidia Gpu Driver R343, Nvidia Gpu Driver R346.