CVE-2015-1170

CWE-2643 documents3 sources

Severity

7.2HIGH

EPSS

0.0%

top 85.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia GPU Driver R304 Nvidia GPU Driver R340 Nvidia GPU Driver R343 +1 more

Timeline

PublishedMar 6

Latest updateMay 17

Description

The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶NVDnvidia/gpu_driver_r304309.07

▶NVDnvidia/gpu_driver_r340341.43

▶NVDnvidia/gpu_driver_r343345.19

▶NVDnvidia/gpu_driver_r346347.51

🔴Vulnerability Details

GHSA

GHSA-9q56-2pj7-p3j9: The NVIDIA Display Driver R304 before 309↗2022-05-17

▶

CVEList

CVE-2015-1170: The NVIDIA Display Driver R304 before 309↗2015-03-06

▶