CVE-2016-2557 — HIGH (8.4) — White Hats Nepal

Vulnerability Description

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nvidia	Gpu Driver R340	431.61
Nvidia	Gpu Driver R352	353.82
Microsoft	Windows	All versions

Related Weaknesses (CWE)

CWE-264

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4060Vendor Advisory
https://support.lenovo.com/us/en/product_security/len_5551Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4060Vendor Advisory
https://support.lenovo.com/us/en/product_security/len_5551Third Party Advisory

FAQ

What is CVE-2016-2557?

CVE-2016-2557 is a vulnerability with a CVSS score of 8.4 (HIGH). The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kern...

How severe is CVE-2016-2557?

CVE-2016-2557 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2557?

Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Gpu Driver R340, Nvidia Gpu Driver R352, Microsoft Windows.