Vulnerability Details : CVE-2018-6248
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2018-6248
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-6248
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
8.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
NIST |
CWE ids for CVE-2018-6248
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6248
-
http://nvidia.custhelp.com/app/answers/detail/a_id/4649
Security Bulletin: NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities | NVIDIAVendor Advisory
Products affected by CVE-2018-6248
- cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*