CVE-2016-4961 : For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of param

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

Published 2016-11-08 20:59:04

Updated 2025-04-12 10:46:41

Source NVIDIA Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-4961

Nvidia » Geforce Experience
Versions up to, including, (<=) -
cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*
Matching versions
When used together with: Nvidia » Geforce 910m » Version: N/A
When used together with: Nvidia » Geforce 920m » Version: N/A
When used together with: Nvidia » Geforce 920mx » Version: N/A
When used together with: Nvidia » Geforce 930m » Version: N/A
When used together with: Nvidia » Geforce 930mx » Version: N/A
When used together with: Nvidia » Geforce 940m » Version: N/A
When used together with: Nvidia » Geforce 940mx » Version: N/A
When used together with: Nvidia » Geforce 945m » Version: N/A
When used together with: Nvidia » Geforce Gt 710 » Version: N/A
When used together with: Nvidia » Geforce Gt 730 » Version: N/A
When used together with: Nvidia » Geforce Gtx 1050 » Version: N/A
When used together with: Nvidia » Geforce Gtx 1060 » Version: N/A
When used together with: Nvidia » Geforce Gtx 1070 » Version: N/A
When used together with: Nvidia » Geforce Gtx 1080 » Version: N/A
When used together with: Nvidia » Geforce Gtx 950m » Version: N/A
When used together with: Nvidia » Geforce Gtx 960m » Version: N/A
When used together with: Nvidia » Geforce Gtx 965m » Version: N/A
When used together with: Nvidia » Nvs 310 » Version: N/A
When used together with: Nvidia » Nvs 315 » Version: N/A
When used together with: Nvidia » Nvs 510 » Version: N/A
When used together with: Nvidia » Nvs 810 » Version: N/A
When used together with: Nvidia » Quadro K1200 » Version: N/A
When used together with: Nvidia » Quadro K420 » Version: N/A
When used together with: Nvidia » Quadro K620 » Version: N/A
When used together with: Nvidia » Quadro M1000m » Version: N/A
When used together with: Nvidia » Quadro M2000 » Version: N/A
When used together with: Nvidia » Quadro M2000m » Version: N/A
When used together with: Nvidia » Quadro M3000m » Version: N/A
When used together with: Nvidia » Quadro M4000 » Version: N/A
When used together with: Nvidia » Quadro M4000m » Version: N/A
When used together with: Nvidia » Quadro M5000 » Version: N/A
When used together with: Nvidia » Quadro M5000m » Version: N/A
When used together with: Nvidia » Quadro M500m » Version: N/A
When used together with: Nvidia » Quadro M5500 » Version: N/A
When used together with: Nvidia » Quadro M6000 » Version: N/A
When used together with: Nvidia » Quadro M600m » Version: N/A
When used together with: Nvidia » Quadro P5000 » Version: N/A
When used together with: Nvidia » Quadro P6000 » Version: N/A
When used together with: Nvidia » Titan X » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-4961

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4961

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-4961

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4961

http://www.securityfocus.com/bid/93251

Multiple NVIDIA Products Local Privilege Escalation and Denial of Service Vulnerabilities

CVEs referencing this url
https://support.lenovo.com/us/en/product_security/ps500070

Denial of Service Vulnerabilities in NVidia® Drivers that affect Quadro, NVS and GeForce Windows-based Systems - US

CVEs referencing this url
http://nvidia.custhelp.com/app/answers/detail/a_id/4213

Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems | NVIDIA
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-4961

Products affected by CVE-2016-4961

Exploit prediction scoring system (EPSS) score for CVE-2016-4961

CVSS scores for CVE-2016-4961

CWE ids for CVE-2016-4961

References for CVE-2016-4961