| Vulnerability Name: | CVE-2016-2557 (CCN-112249) | ||||||||||||
| Assigned: | 2016-03-14 | ||||||||||||
| Published: | 2016-03-14 | ||||||||||||
| Updated: | 2021-09-09 | ||||||||||||
| Summary: | The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access. | ||||||||||||
| CVSS v3 Severity: | 8.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 7.3 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-2557 Source: CCN Type: NVIDIA Knowledgebase 4060 CVE-2016-2557: Kernel driver escape privileged memory access Source: CONFIRM Type: Vendor Advisory http://nvidia.custhelp.com/app/answers/detail/a_id/4060 Source: XF Type: UNKNOWN nvidia-gpu-cve20162557-priv-esc(112249) Source: CCN Type: Lenovo Security Advisory: LEN-5551 NVIDIA GPU Kernel Driver Escape Source: CONFIRM Type: Third Party Advisory https://support.lenovo.com/us/en/product_security/len_5551 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||