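NVIDIA Windows GPU Display Driver 340.x / 341.x / 342.x < 342.00 / 375.x < 375.63 Multiple Vulnerabilities

high Nessus Plugin ID 94576

Synopsis

The display driver installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of the NVIDIA GPU display driver installed on the remote Windows host is 340.x, 341.x, 342.x prior to 342.00, or 375.x prior to 375.63. It is, therefore, affected by the following vulnerabilities: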

- An array-indexing error exists in nvlddmkm.sys due to improper validation of input. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-7381)

- A flaw exists in nvlddmkm.sys due to missing permission checks. A local attacker can exploit this to disclose arbitrary memory contents and gain elevated privileges. (CVE-2016-7382)

- A flaw exists in nvlddmkm.sys when handling memory mapping that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-7383)

- A flaw exists in nvlddmkm.sys when handling UVMLiteController device IO control input and output lengths. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2016-7384)

- An untrusted pointer dereference flaw exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x700010d. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-7385)

- A flaw exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x70000d4 that allows a local attacker to disclose uninitialized memory contents. (CVE-2016-7386)

- A flaw exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x600000d that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-7387)

- A NULL pointer dereference flaw exists in nvlddmkm.sys that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges in certain unsafe configurations. (CVE-2016-7388)

- An array-indexing error exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x7000194 that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-7390)

- A flaw exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x100010b that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-7391)

- A flaw exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x7000014 that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-8805)

- An untrusted pointer dereference flaw exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x5000027 that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-8806)

- A stack-based buffer overflow condition exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x10000e9 that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-8807)

- A buffer overflow condition exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x70000d that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-8808)

- A buffer overflow condition exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x70001b2 that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-8809)

- A buffer overflow condition exists in nvlddmkm.sys when handling DxgDdiEscape ID 0x100009a that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-8810)

- A flaw exists in nvlddmkm.sys driver when handling DxgDdiEscape ID 0x7000170 that allows a local attacker to cause a denial of service condition or the execution of arbitrary code with elevated privileges. (CVE-2016-8811)

- A stack-based overflow condition exists in nvstreamkms.sys when handling executable paths. A local attacker can exploit this to execute arbitrary code with elevated privileges. Note that this vulnerability only affects systems that also have GeForce Experience software installed. (CVE-2016-8812)

Solution

Upgrade the NVIDIA graphics driver to version 342.00 / 375.63 or later, in accordance with the vendor advisory.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/4247

Plugin Details

Severity: High

ID: 94576

File Name: nvidia_win_cve_2016_7389.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 2016/11/4

Updated: 2023/4/5

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-7381

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:nvidia:gpu_driver

Required KB Items: Settings/ParanoidReport, WMI/DisplayDrivers/NVIDIA

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/10/28

Vulnerability Publication Date: 2016/10/28

Exploitable With

Core Impact

Reference Information

CVE: CVE-2016-7381, CVE-2016-7382, CVE-2016-7383, CVE-2016-7384, CVE-2016-7385, CVE-2016-7386, CVE-2016-7387, CVE-2016-7388, CVE-2016-7390, CVE-2016-7391, CVE-2016-8805, CVE-2016-8806, CVE-2016-8807, CVE-2016-8808, CVE-2016-8809, CVE-2016-8810, CVE-2016-8811, CVE-2016-8812

BID: 93981, 93982, 93983, 93984, 93985, 93986, 93987, 93988, 93990, 93992, 93997, 93999, 94001, 94002