Vulnerability Details : CVE-2016-5025
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2016-5025
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5025
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5025
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:C |
3.9
|
8.5
|
NIST | |
6.6
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
1.8
|
4.7
|
NIST |
CWE ids for CVE-2016-5025
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5025
-
http://www.securityfocus.com/bid/93251
Multiple NVIDIA Products Local Privilege Escalation and Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
https://support.lenovo.com/us/en/product_security/ps500070
Denial of Service Vulnerabilities in NVidia® Drivers that affect Quadro, NVS and GeForce Windows-based Systems - USThird Party Advisory
-
http://nvidia.custhelp.com/app/answers/detail/a_id/4213
Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems | NVIDIAPatch;Vendor Advisory
Jump to