CVE-2016-4961 — Improper Input Validation in Nvidia Geforce Experience

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 84.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Geforce Experience

Timeline

PublishedNov 8

Latest updateMay 17

Description

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDnvidia/geforce_experience-

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-65xq-x9jj-jf35: For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS↗2022-05-17

▶

CVEList

CVE-2016-4961: For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS↗2016-11-08

▶