CVE-2017-0345Improper Validation of Array Index in Corporation GPU Display Driver

CWE-129Improper Validation of Array Index3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia Corporation GPU Display Driver
Timeline
PublishedMay 9
Latest updateMay 17

Description

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4vrr-6cp7-955w: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm2022-05-17
CVEList
CVE-2017-0345: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm2017-05-09
CVE-2017-0345 — Improper Validation of Array Index | cvebase