Vulnerability Name:
CVE-2016-4959 (CCN-117495)
Assigned:
2016-08-22
Published:
2016-08-22
Updated:
2019-05-30
Summary:
For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.
CVSS v3 Severity:
7.5 High
(CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
)
6.5 Medium
(Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
High
7.5 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
)
6.5 Medium
(CCN Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
High
CVSS v2 Severity:
7.8 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Complete
7.8 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Complete
Vulnerability Type:
CWE-476
Vulnerability Consequences:
Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2016-4959
Source: CONFIRM
Type: Patch, Vendor Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4213
Source: CCN
Type: NVIDIA Security Bulletin 4213
Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems
Source: BID
Type: Third Party Advisory, VDB Entry
93256
Source: MISC
Type: Third Party Advisory
http://www.tripwire.com/state-of-security/vulnerability-management/warning-this-post-contains-graphic-nvidia-content/
Source: XF
Type: UNKNOWN
nvidia-drivers-cve20164959-dos(117495)
Source: CCN
Type: Lenovo Security Advisory: LEN-9334
Denial of Service Vulnerabilities in NVidia Drivers that affect Quadro, NVS and GeForce Windows-based Systems
Source: CONFIRM
Type: Third Party Advisory
https://support.lenovo.com/us/en/product_security/ps500070
Vulnerable Configuration:
Configuration 1
:
cpe:/a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
(Version >= 340 and < 341.96)
OR
cpe:/a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
(Version >= 352.0 and < 354.99)
OR
cpe:/a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
(Version >= 361 and < 362.77)
OR
cpe:/a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
(Version >= 367 and < 368.39)
AND
cpe:/h:nvidia:geforce_910m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_920m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_930m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_940m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_945m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:nvs_310:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:nvs_315:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:nvs_510:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:nvs_810:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_k420:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_k620:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*
OR
cpe:/h:nvidia:titan_x:-:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
nvidia
gpu driver *
nvidia
gpu driver *
nvidia
gpu driver *
nvidia
gpu driver *
nvidia
geforce 910m -
nvidia
geforce 920m -
nvidia
geforce 920mx -
nvidia
geforce 930m -
nvidia
geforce 930mx -
nvidia
geforce 940m -
nvidia
geforce 940mx -
nvidia
geforce 945m -
nvidia
geforce gt 710 -
nvidia
geforce gt 730 -
nvidia
geforce gtx 1050 -
nvidia
geforce gtx 1060 -
nvidia
geforce gtx 1070 -
nvidia
geforce gtx 1080 -
nvidia
geforce gtx 950m -
nvidia
geforce gtx 960m -
nvidia
geforce gtx 965m -
nvidia
nvs 310 -
nvidia
nvs 315 -
nvidia
nvs 510 -
nvidia
nvs 810 -
nvidia
quadro k1200 -
nvidia
quadro k420 -
nvidia
quadro k620 -
nvidia
quadro m1000m -
nvidia
quadro m2000 -
nvidia
quadro m2000m -
nvidia
quadro m3000m -
nvidia
quadro m4000 -
nvidia
quadro m4000m -
nvidia
quadro m5000 -
nvidia
quadro m5000m -
nvidia
quadro m500m -
nvidia
quadro m5500 -
nvidia
quadro m6000 -
nvidia
quadro m600m -
nvidia
quadro p5000 -
nvidia
quadro p6000 -
nvidia
titan x -
Denotes that component is vulnerable