| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-6277 |
20 |
|
DoS |
2017-09-22 |
2017-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. |
|
2 |
CVE-2017-6273 |
119 |
|
DoS Overflow |
2017-10-17 |
2017-11-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. |
|
3 |
CVE-2017-6272 |
20 |
|
DoS |
2017-09-22 |
2017-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. |
|
4 |
CVE-2017-6271 |
369 |
|
DoS |
2017-09-22 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. |
|
5 |
CVE-2017-6270 |
369 |
|
DoS |
2017-09-22 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. |
|
6 |
CVE-2017-6269 |
20 |
|
DoS |
2017-09-22 |
2017-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. |
|
7 |
CVE-2017-6268 |
20 |
|
DoS |
2017-09-22 |
2017-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. |
|
8 |
CVE-2017-6267 |
119 |
|
DoS Overflow |
2017-09-22 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. |
|
9 |
CVE-2017-6266 |
284 |
|
DoS |
2017-09-22 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. |
|
10 |
CVE-2017-6260 |
119 |
|
DoS Overflow |
2017-07-28 |
2017-08-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. |
|
11 |
CVE-2017-6259 |
|
|
DoS |
2017-07-28 |
2017-08-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service. |
|
12 |
CVE-2017-6257 |
476 |
|
DoS |
2017-07-28 |
2017-08-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges |
|
13 |
CVE-2017-6256 |
264 |
|
DoS |
2017-07-28 |
2017-08-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges. |
|
14 |
CVE-2017-6255 |
264 |
|
DoS |
2017-07-28 |
2017-08-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges. |
|
15 |
CVE-2017-6254 |
264 |
|
DoS |
2017-07-28 |
2017-08-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges. |
|
16 |
CVE-2017-6253 |
264 |
|
DoS |
2017-07-28 |
2017-08-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privileges |
|
17 |
CVE-2017-6252 |
476 |
|
DoS |
2017-07-28 |
2017-08-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges. |
|
18 |
CVE-2017-6251 |
284 |
|
+Priv |
2017-07-28 |
2017-08-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. |
|
19 |
CVE-2017-6250 |
254 |
|
Exec Code |
2017-04-28 |
2017-05-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. |
|
20 |
CVE-2017-5927 |
200 |
|
+Info |
2017-02-27 |
2017-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
|
21 |
CVE-2017-5926 |
200 |
|
+Info |
2017-02-27 |
2017-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
|
22 |
CVE-2017-5925 |
200 |
|
+Info |
2017-02-27 |
2017-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
|
23 |
CVE-2017-0866 |
264 |
|
Exec Code Mem. Corr. |
2017-11-16 |
2017-12-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866. |
|
24 |
CVE-2017-0355 |
20 |
|
DoS |
2017-05-09 |
2017-05-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service. |
|
25 |
CVE-2017-0354 |
20 |
|
DoS |
2017-05-09 |
2017-05-17 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service. |
|
26 |
CVE-2017-0353 |
20 |
|
DoS |
2017-05-09 |
2017-05-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service |
|
27 |
CVE-2017-0352 |
284 |
|
|
2017-05-09 |
2017-05-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges |
|
28 |
CVE-2017-0351 |
476 |
|
DoS |
2017-05-09 |
2017-06-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. |
|
29 |
CVE-2017-0350 |
20 |
|
DoS |
2017-05-09 |
2017-06-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges. |
|
30 |
CVE-2017-0349 |
476 |
|
DoS |
2017-05-09 |
2017-05-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges. |
|
31 |
CVE-2017-0348 |
476 |
|
DoS |
2017-05-09 |
2017-05-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. |
|
32 |
CVE-2017-0347 |
129 |
|
DoS |
2017-05-09 |
2017-05-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges. |
|
33 |
CVE-2017-0346 |
20 |
|
DoS |
2017-05-09 |
2017-05-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. |
|
34 |
CVE-2017-0345 |
129 |
|
DoS |
2017-05-09 |
2017-05-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges |
|
35 |
CVE-2017-0344 |
284 |
|
+Priv |
2017-05-09 |
2017-05-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges. |
|
36 |
CVE-2017-0343 |
362 |
|
DoS |
2017-05-09 |
2017-05-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges. |
|
37 |
CVE-2017-0342 |
682 |
|
DoS |
2017-05-09 |
2017-05-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges. |
|
38 |
CVE-2017-0341 |
476 |
|
DoS |
2017-05-09 |
2017-05-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges. |
|
39 |
CVE-2017-0324 |
119 |
|
DoS Overflow |
2017-02-15 |
2017-02-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. |
|
40 |
CVE-2017-0323 |
476 |
|
DoS |
2017-02-15 |
2017-02-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. |
|
41 |
CVE-2017-0322 |
129 |
|
DoS |
2017-02-15 |
2017-02-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges. |
|
42 |
CVE-2017-0321 |
476 |
|
DoS |
2017-02-15 |
2017-02-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. |
|
43 |
CVE-2017-0320 |
19 |
|
DoS |
2017-02-15 |
2017-02-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. |
|
44 |
CVE-2017-0319 |
19 |
|
DoS |
2017-02-15 |
2017-02-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system. |
|
45 |
CVE-2017-0318 |
20 |
|
DoS |
2017-02-15 |
2017-02-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. |
|
46 |
CVE-2017-0317 |
275 |
|
Exec Code |
2017-02-15 |
2017-02-23 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution. |
|
47 |
CVE-2017-0316 |
264 |
|
DoS |
2017-10-16 |
2017-11-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges. |
|
48 |
CVE-2017-0315 |
476 |
|
DoS |
2017-02-15 |
2017-02-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges. |
|
49 |
CVE-2017-0314 |
119 |
|
DoS Overflow |
2017-02-15 |
2017-02-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. |
|
50 |
CVE-2017-0313 |
119 |
|
DoS Overflow |
2017-02-15 |
2017-08-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges. |
