CVE-2016-2558 — HIGH (8.4) — White Hats Nepal

Vulnerability Description

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Windows	All versions
Nvidia	Gpu Driver R340	431.61
Nvidia	Gpu Driver R352	353.82

Related Weaknesses (CWE)

CWE-119

References

http://nvidia.custhelp.com/app/answers/detail/a_id/4061Vendor Advisory
https://support.lenovo.com/us/en/product_security/len_5551Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4061Vendor Advisory
https://support.lenovo.com/us/en/product_security/len_5551Third Party Advisory

FAQ

What is CVE-2016-2558?

CVE-2016-2558 is a vulnerability with a CVSS score of 8.4 (HIGH). The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a ...

How severe is CVE-2016-2558?

CVE-2016-2558 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2558?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, Nvidia Gpu Driver R340, Nvidia Gpu Driver R352.