Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems

Answer ID 4213
Published 08/11/2016 12:37 PM
Updated 10/17/2016 10:13 AM

(CVE-2016-4959, CVE-2016-3161, CVE-2016-5852, CVE-2016-4960, CVE-2016-5025, CVE-2016-4961)



Vulnerability Details

 

CVE-2016-4959

 

Description: Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash.

 

CVSS Base Score: 7.8

CVSS Temporal Score: 6.1

CVSS Environmental Score: [determined by user]

CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)

CVE-2016-3161 and CVE-2016-5852

Description: GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level.

CVSS Base Score: 6.8

CVSS Temporal Score: 5

CVSS Environmental Score: [determined by user]

CVSS V2 Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

 

CVE-2016-4960

 

Description: The NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.

 

CVSS Base Score: 6.6

CVSS Temporal Score: 5.5

CVSS Environmental Score: [determined by user]

CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)

 

CVE-2016-5025

 

Description: Improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

 

CVSS Base Score: 5.7

CVSS Temporal Score: 4.5

CVSS Environmental Score: [determined by user]

CVSS V2 Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:C/E:POC/RL:OF/RC:C)

 

CVE-2016-4961

 

Description: Improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.

 

CVSS Base Score: 4.6

CVSS Temporal Score: 3.8

CVSS Environmental Score: [determined by user]

CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C)

 

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA doesn't know of any exploits to these issues at this time.

 


Affected Products

 

| CVE | Product* | Impacted Installed Component | Impacted Configuration | OS |
|---|---|---|---|---|
| CVE-2016-4959 | Quadro, NVS, GeForce | Graphics Driver | Optimus | Windows 7; Windows 8.x; Microsoft Hybrid systems shipped with Windows 8.1 and Windows 10 that have been downgraded to Windows 7 |
| CVE-2016-5025 | Quadro, NVS, GeForce | Graphics Driver | All | Windows |
| CVE-2016-3161, CVE-2016-5852, CVE-2016-4960, CVE-2016-4961 | Quadro, NVS, GeForce | GeForce Experience | All | Windows |

*Product is affected only if the impacted component, O/S & configuration is installed/used.


Fixes

 

You can download the fixes from here.

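| Product Type | Product Series | OS | Branch | First version that includes the fix |
|---|---|---|---|---|
| Quadro or NVS | All supported Quadro series or NVS series | Windows | R367 | 368.39 |
| Quadro or NVS | All supported Quadro series or NVS series | Windows | R361 | 362.77 |
| Quadro or NVS | All supported Quadro series or NVS series | Windows | R352 | 354.99 |
| Quadro or NVS | All supported Quadro series or NVS series | Windows | R340 | 341.96 |
| GeForce | All supported series | Windows | R367 | 368.69 |
| GeForce | Tesla architecture GPUs listed here | Windows | R340 | 341.96 |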


Mitigations

For CVE-2016-4959:

 

NVIDIA recommends updating the driver packages to eliminate the remote denial of service risk. If driver upgrades are not possible, it is likely that the following steps can also reduce your risk if Remote Desktop access is not required:

I. Use network layer controls, for example in the firewall or router, to drop packets to the Remote Desktop Protocol (RDP) port (UDP/TCP 3389).

Dropping packets to the RDP port prevents access to the affected protocol.

II. Disable RDP at the client as follows:

1. In Control Panel, click System and Security.

2. On the System and Security page, under System, click Allow remote access.

3. In the System Properties dialog box, on the Remote tab, select the Don't allow connections to this computer option.

4. Click OK.

III. Consider Windows Group Policy controls, which may be used at the Enterprise level.

Consult an IT specialist for your enterprise for advice on appropriate changes based on local policies.
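A scripted form of steps I and II for a single host, as an added example that is not NVIDIA code. It assumes the Windows host firewall stands in for the "firewall or router" of step I; the function names and firewall rule names are hypothetical labels.

```powershell
# Added example (not NVIDIA code). Run from an elevated PowerShell 3.0+ session.
$TsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpState {
    # fDenyTSConnections = 1 is the registry form of
    # "Don't allow connections to this computer" (step II).
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    # True if anything is still listening on TCP 3389.
    $listening = [bool](netstat -an | Select-String -Pattern ':3389\s.*LISTENING')
    [pscustomobject]@{ RdpDisabled = ($deny -eq 1); Tcp3389Listening = $listening }
}

function Disable-RdpAccess {
    # Step II: refuse Remote Desktop connections.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
    # Step I (host firewall variant): drop inbound TCP and UDP 3389.
    # netsh is used because it is available on Windows 7 and Windows 8.x.
    foreach ($proto in 'TCP', 'UDP') {
        netsh advfirewall firewall add rule "name=Block-RDP-$proto-3389" `
            dir=in action=block protocol=$proto localport=3389 | Out-Null
    }
    Get-RdpState
}

# Report the current state first; apply the mitigation only where
# Remote Desktop access is not required.
Get-RdpState
# Disable-RdpAccess
```

A Group Policy setting for Remote Desktop (step III) can override the local registry value, so re-run Get-RdpState after the next policy refresh.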


Acknowledgement

 

CVE-2016-4959: NVIDIA was informed of this issue by Tripwire VERT.

CVE-2016-3161 and CVE-2016-5852: NVIDIA was informed of this issue by Alin Ghica.

CVE-2016-4960 and CVE-2016-4961: NVIDIA was informed of this issue by Joseph Bialek of Microsoft Vulnerability Research.

CVE-2016-5025: NVIDIA was informed of this issue by Daniel Cornel.


Revision History

 

| Revision | Date | Description |
|---|---|---|
| 1.0 | August 19, 2016 | Initial release |


Frequently Asked Questions (FAQs)

 

Q. How do I know what driver version I have installed?

A.

  1. Launch Windows Device Manager.
  2. Select Display Adapters.
  3. Right-click the NVIDIA GPU node.
  4. Click the Driver tab.

The NVIDIA driver version is the last 5 digits of the Driver Version shown on that tab (e.g., 10.18.13.6472 is 364.72).
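The conversion above combined with the Fixes table, as an added example that is not NVIDIA code. The function names are hypothetical, the sample version is constructed, and the branch has to be supplied by the operator because this bulletin does not say how to derive it from a version number.

```powershell
# Added example (not NVIDIA code). Requires PowerShell 3.0 or later.
# First fixed versions copied from the "Fixes" table of this bulletin.
$FirstFixed = @{
    'Quadro/NVS' = @{ R367 = '368.39'; R361 = '362.77'; R352 = '354.99'; R340 = '341.96' }
    'GeForce'    = @{ R367 = '368.69'; R340 = '341.96' }
}

function ConvertTo-NvidiaVersion {
    param([Parameter(Mandatory)][string]$WindowsDriverVersion)
    # Keep digits only, take the last five, insert the dot: 10.18.13.6472 -> 364.72
    $digits = $WindowsDriverVersion -replace '\D', ''
    if ($digits.Length -lt 5) { throw "Unexpected driver version: $WindowsDriverVersion" }
    $last5 = $digits.Substring($digits.Length - 5)
    '{0}.{1}' -f $last5.Substring(0, 3), $last5.Substring(3, 2)
}

function Test-NvidiaDriverFixed {
    param(
        [Parameter(Mandatory)][ValidateSet('Quadro/NVS', 'GeForce')][string]$ProductType,
        [Parameter(Mandatory)][string]$Branch,
        [Parameter(Mandatory)][string]$WindowsDriverVersion
    )
    $fixed = $FirstFixed[$ProductType][$Branch]
    if (-not $fixed) { throw "Bulletin lists no fix for $ProductType on branch $Branch" }
    $installed = ConvertTo-NvidiaVersion $WindowsDriverVersion
    [pscustomobject]@{
        Installed  = $installed
        FirstFixed = $fixed
        Fixed      = ([version]$installed -ge [version]$fixed)
    }
}

# Constructed sample input: the same version string meets the Quadro/NVS
# threshold on R367 but not the GeForce one.
Test-NvidiaDriverFixed -ProductType 'Quadro/NVS' -Branch R367 -WindowsDriverVersion '10.18.13.6839'
Test-NvidiaDriverFixed -ProductType 'GeForce' -Branch R367 -WindowsDriverVersion '10.18.13.6839'

# Live check on the local machine (product type and branch chosen by the operator):
# Get-CimInstance Win32_VideoController | Where-Object { $_.Name -like '*NVIDIA*' } |
#     ForEach-Object { Test-NvidiaDriverFixed -ProductType GeForce -Branch R367 -WindowsDriverVersion $_.DriverVersion }
```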

Q. How do I know if I am using Optimus?

A. Visit the NVIDIA Knowledge Base Article 2523


Disclaimer

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, "MATERIALS") ARE BEING PROVIDED "AS IS." NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.
