CVE-2016-7382 - Vulnerability Details

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Quadro, NVS, GeForce, and Tesla (all versions)

affected

Version	Status	Constraints
`Quadro, NVS, GeForce, and Tesla (all versions)`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:a:nvidia:gpu_driver:304.131:::::::*
	cpe:2.3:a:nvidia:gpu_driver:340.98:::::::*
	cpe:2.3:a:nvidia:gpu_driver:361.93.02:::::::*
	cpe:2.3:a:nvidia:gpu_driver:367.44:::::::*
	cpe:2.3:a:nvidia:gpu_driver:367.54:::::::*
	cpe:2.3:a:nvidia:gpu_driver:370.23:::::::*

OR	cpe:2.3:h:nvidia:geforce_910m:-:::::::*
	cpe:2.3:h:nvidia:geforce_920m:-:::::::*
	cpe:2.3:h:nvidia:geforce_920mx:-:::::::*
	cpe:2.3:h:nvidia:geforce_930m:-:::::::*
	cpe:2.3:h:nvidia:geforce_930mx:-:::::::*
	cpe:2.3:h:nvidia:geforce_940m:-:::::::*
	cpe:2.3:h:nvidia:geforce_940mx:-:::::::*
	cpe:2.3:h:nvidia:geforce_945m:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_710:-:::::::*
	cpe:2.3:h:nvidia:geforce_gt_730:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1050:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1060:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1070:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_1080:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_950m:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_960m:-:::::::*
	cpe:2.3:h:nvidia:geforce_gtx_965m:-:::::::*
	cpe:2.3:h:nvidia:nvs_310:-:::::::*
	cpe:2.3:h:nvidia:nvs_315:-:::::::*
	cpe:2.3:h:nvidia:nvs_510:-:::::::*
	cpe:2.3:h:nvidia:nvs_810:-:::::::*
	cpe:2.3:h:nvidia:quadro_k1200:-:::::::*
	cpe:2.3:h:nvidia:quadro_k420:-:::::::*
	cpe:2.3:h:nvidia:quadro_k620:-:::::::*
	cpe:2.3:h:nvidia:quadro_m1000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m2000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m3000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m4000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5000m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m500m:-:::::::*
	cpe:2.3:h:nvidia:quadro_m5500:-:::::::*
	cpe:2.3:h:nvidia:quadro_m6000:-:::::::*
	cpe:2.3:h:nvidia:quadro_m600m:-:::::::*
	cpe:2.3:h:nvidia:quadro_p5000:-:::::::*
	cpe:2.3:h:nvidia:quadro_p6000:-:::::::*
	cpe:2.3:h:nvidia:telsa_k80:-:::::::*
	cpe:2.3:h:nvidia:tesla_c2050:-:::::::*
	cpe:2.3:h:nvidia:tesla_c2070:-:::::::*
	cpe:2.3:h:nvidia:tesla_c2075:-:::::::*
	cpe:2.3:h:nvidia:tesla_k10:-:::::::*
	cpe:2.3:h:nvidia:tesla_k20:-:::::::*
	cpe:2.3:h:nvidia:tesla_k20x:-:::::::*
	cpe:2.3:h:nvidia:tesla_k40:-:::::::*
	cpe:2.3:h:nvidia:tesla_k8:-:::::::*
	cpe:2.3:h:nvidia:tesla_k80:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2050:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2070:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2075:-:::::::*
	cpe:2.3:h:nvidia:tesla_m2090:-:::::::*
	cpe:2.3:h:nvidia:tesla_m40:-:::::::*
	cpe:2.3:h:nvidia:tesla_m6:-:::::::*
	cpe:2.3:h:nvidia:tesla_m60:-:::::::*
	cpe:2.3:h:nvidia:tesla_p100:-:::::::*
	cpe:2.3:h:nvidia:tesla_p4:-:::::::*
	cpe:2.3:h:nvidia:tesla_p40:-:::::::*
	cpe:2.3:h:nvidia:titan_x:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Nvidia Subscribe	Geforce 910m Subscribe Geforce 920m Subscribe Geforce 920mx Subscribe Geforce 930m Subscribe Geforce 930mx Subscribe Geforce 940m Subscribe Geforce 940mx Subscribe Geforce 945m Subscribe Geforce Gt 710 Subscribe Geforce Gt 730 Subscribe Geforce Gtx 1050 Subscribe Geforce Gtx 1060 Subscribe Geforce Gtx 1070 Subscribe Geforce Gtx 1080 Subscribe Geforce Gtx 950m Subscribe Geforce Gtx 960m Subscribe Geforce Gtx 965m Subscribe Gpu Driver Subscribe Nvs 310 Subscribe Nvs 315 Subscribe Nvs 510 Subscribe Nvs 810 Subscribe Quadro K1200 Subscribe Quadro K420 Subscribe Quadro K620 Subscribe Quadro M1000m Subscribe Quadro M2000 Subscribe Quadro M2000m Subscribe Quadro M3000m Subscribe Quadro M4000 Subscribe Quadro M4000m Subscribe Quadro M5000 Subscribe Quadro M5000m Subscribe Quadro M500m Subscribe Quadro M5500 Subscribe Quadro M6000 Subscribe Quadro M600m Subscribe Quadro P5000 Subscribe Quadro P6000 Subscribe Telsa K80 Subscribe Tesla C2050 Subscribe Tesla C2070 Subscribe Tesla C2075 Subscribe Tesla K10 Subscribe Tesla K20 Subscribe Tesla K20x Subscribe Tesla K40 Subscribe Tesla K8 Subscribe Tesla K80 Subscribe Tesla M2050 Subscribe Tesla M2070 Subscribe Tesla M2075 Subscribe Tesla M2090 Subscribe Tesla M40 Subscribe Tesla M6 Subscribe Tesla M60 Subscribe Tesla P100 Subscribe Tesla P4 Subscribe Tesla P40 Subscribe Titan X Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2016-8238	For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.
Ubuntu USN	USN-3122-1	NVIDIA graphics drivers vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://nvidia.custhelp.com/app/answers/detail/a_id/4246
http://nvidia.custhelp.com/app/answers/detail/a_id/4247
http://www.securityfocus.com/bid/94177
https://support.lenovo.com/us/en/solutions/LEN-10822

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2016-11-08T20:37:00.000Z

Updated: 2024-08-06T01:57:47.082Z

Reserved: 2016-09-09T00:00:00.000Z

Link: CVE-2016-7382

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-11-08T20:59:07.943

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-7382

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-275

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object