Vulnerability Details : CVE-2016-2557
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from kernel memory, cause a denial of service (crash), or possibly gain privileges via unspecified vectors, which trigger uninitialized or out-of-bounds memory access.
Vulnerability category: Denial of service
Products affected by CVE-2016-2557
- cpe:2.3:a:nvidia:gpu_driver_r340:431.61:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:gpu_driver_r352:353.82:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2557
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2557
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
8.4
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.5
|
5.9
|
NIST |
CWE ids for CVE-2016-2557
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2557
-
https://support.lenovo.com/us/en/product_security/len_5551
NVIDIA GPU Kernel Driver Escape - USThird Party Advisory
-
http://nvidia.custhelp.com/app/answers/detail/a_id/4060
Security Bulletin: CVE-2016-2557: Kernel driver escape privileged memory access | NVIDIAVendor Advisory
Jump to