Nvidia Gpu Driver vulnerabilities

38 known vulnerabilities affecting nvidia/gpu_driver.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL2HIGH28MEDIUM8

Vulnerabilities

Page 2 of 2

CVE-2016-8808HIGHCVSS 7.8PoC≥ 340, < 342.00≥ 375, < 375.632016-11-08

CVE-2016-8808 [HIGH] CWE-264 CVE-2016-8808: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342. For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denia

nvd

CVE-2016-8810HIGHCVSS 7.8PoC≥ 340, < 342.00≥ 375, < 375.632016-11-08

CVE-2016-8810 [HIGH] CWE-264 CVE-2016-8810: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342. For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100009a where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denia

nvd

CVE-2016-7389HIGHCVSS 7.8v304.79v340.52+3 more2016-11-08

CVE-2016-7389 [HIGH] CWE-264 CVE-2016-7389: For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 bef For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitr

nvd

CVE-2016-4959HIGHCVSS 7.5≥ 340, < 341.96≥ 352.0, < 354.99+2 more2016-11-08

CVE-2016-4959 [HIGH] CWE-476 CVE-2016-4959: For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A suc For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.

nvd

CVE-2016-7381HIGHCVSS 7.8≥ 340, < 342.00≥ 375, < 375.632016-11-08

CVE-2016-7381 [HIGH] CWE-264 CVE-2016-7381: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342. For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges.

nvd

CVE-2016-5025MEDIUMCVSS 6.6≥ 340, < 341.96≥ 352.0, < 354.99+2 more2016-11-08

CVE-2016-5025 [MEDIUM] CWE-20 CVE-2016-5025: For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI s For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

nvd

CVE-2016-7386MEDIUMCVSS 5.5PoC≥ 340, < 342.00≥ 375, < 375.632016-11-08

CVE-2016-7386 [MEDIUM] CWE-200 CVE-2016-7386: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342. For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.

nvd

CVE-2015-5053CRITICALCVSS 10.0v346.16v346.22+9 more2015-11-24

CVE-2015-5053 [CRITICAL] CWE-284 CVE-2015-5053: The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 b The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspe

nvd

CVE-2015-7866HIGHCVSS 7.2≥ 340, < 341.92≥ 352, < 354.35+1 more2015-11-24

CVE-2015-7866 [HIGH] CVE-2015-7866: Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the C Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe.

nvd

CVE-2015-7865HIGHCVSS 7.7PoC≥ 340, < 341.92≥ 352, < 354.35+1 more2015-11-24

CVE-2015-7865 [HIGH] CVE-2015-7865: nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer

nvd

CVE-2015-7869MEDIUMCVSS 6.6≥ 304, < 304.131≥ 340, < 340.96+6 more2015-11-24

CVE-2015-7869 [MEDIUM] CWE-189 CVE-2015-7869: Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possib

nvd

CVE-2015-8328MEDIUMCVSS 6.6≥ 340, < 341.92≥ 352, ≤ 354.35+1 more2015-11-24

CVE-2015-8328 [MEDIUM] CVE-2015-8328: Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 3 Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-7869 per ADT2 and

nvd

CVE-2015-5950MEDIUMCVSS 6.9≤ 352.302015-09-30

CVE-2015-5950 [MEDIUM] CWE-119 CVE-2015-5950: The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.

nvd

CVE-2015-3625HIGHCVSS 7.2≥ 304, < 304.125≥ 331, < 331.113+7 more2015-07-18

CVE-2015-3625 [HIGH] CWE-264 CVE-2015-3625: The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 be The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R304 before 304.125 allows local users with certain permissions to read or write arbitrary kernel memory via unspecified vectors that trigger an untrusted po

nvd

CVE-2014-8298HIGHCVSS 7.5vr304.125vr331.00+9 more2014-12-10

CVE-2014-8298 [HIGH] CWE-19 CVE-2014-8298: The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65 The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code v

nvd

CVE-2013-5986CRITICALCVSS 10.0v304.00v310.00+3 more2014-01-21

CVE-2013-5986 [CRITICAL] CVE-2013-5986: Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987.

nvd

CVE-2013-5987HIGHCVSS 7.2v304.00v310.00+3 more2014-01-21

CVE-2013-5987 [HIGH] CVE-2013-5987: Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.

nvd

CVE-2013-0131HIGHCVSS 7.1≤ 304.00v195.22+2 more2013-04-08

CVE-2013-0131 [HIGH] CWE-119 CVE-2013-0131: Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users to execute arbitrary code via a large ARGB cursor.

nvd

← Previous2 / 2