Security Bulletin: NVIDIA GPU contains multiple vulnerabilities in the kernel mode layer handler

Answer ID 4544
Updated 09/25/2017 10:30 AM

NVIDIA GPU Display Driver vulnerabilities may lead to denial of service or possible escalation of privilege

Go to NVIDIA Product Security.


Vulnerability Details

The following sections summarize the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS.

CVE-2017-6269

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation, which may lead to denial of service or potential escalation of privileges.

CVSS Base Score: 8.8
CVSS Temporal Score: 8.2
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CVE-2017-6268

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2017-6277

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or possible escalation of privileges.

CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2017-6272

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to a denial of service or possible escalation of privileges.

CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

CVE-2017-6266

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.

CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

CVE-2017-6267

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop, which may lead to a denial of service.

CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS V3 Vector CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

CVE-2017-6270

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation, which may lead to a possible division by zero and denial of service.

CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

CVE-2017-6271

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information, which may lead to a possible division by zero and denial of service.

CVSS Base Score: 6.5
CVSS Temporal Score: 5.9
CVSS Vector: CVSS: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration. NVIDIA doesn’t know of any exploits of these issues at this time.

Affected Products

CVE Product OS
CVE-2017-6268
CVE-2017-6269
CVE-2017-6270
CVE-2017-6271
CVE-2017-6277
GeForce
NVS
Quadro
Tesla
GRID
Windows
CVE-2017-6266
CVE-2017-6267
CVE-2017-6272
GeForce
NVS
Quadro
Tesla
GRID
Windows, Linux, FreeBSD, Solaris

Fixes

Download GPU fixes from the NVIDIA Driver Downloads page.

If you are an Enterprise Service customer using NVIDIA GRID, visit the NVIDIA Licensing Center to obtain NVIDIA GRID fixes.

Windows

Product Product Series OS Branch Fixed Version
GeForce All Windows R384 385.69 includes GFE 3.9.0.61
NVS, Quadro All Windows R384 385.69
R375 377.61
Tesla All Windows R384 385.54
GRID GRID Series
GRID vGPU
Windows R367 GRID Software 4.4
370.16

Linux

Product

Product Series

OS

Branch

Fixed Version

GeForce All Linux, FreeBSD, Solaris R384 384.90
Quadro, NVS All Linux, FreeBSD, Solaris R384 384.90
Tesla All Linux R384 384.81 
R375 375.88
GRID GRID Series  Linux, Citrix XenServer, and VMware vSphere R367 GRID Software 4.4
367.122

Note:

  • If you are using earlier driver branches of the affected products, upgrade to a supported driver branch that contains the fix as listed in tables for Windows and Linux.
  • If you are using GFE, install the latest drivers. GFE security bulletins are available on the NVIDIA Product Security page.
  • CVE-2017-6277 and CVE-2017-6272 were addressed in branch R375. However, these CVEs were not disclosed in the previous security bulletin.

Mitigations

None.

Acknowledgements

CVE-2017-6269, CVE-2017-6270, CVE-2017-6271: NVIDIA was informed of these issues by Enrique Nissim of IOActive.

Revision History

Revision Date Description
2.0 September 25, 2017 Added information about affected NVIDIA GRID products, fixed versions for Tesla products, and fixed version in the R375 driver branch for Quadro and NVS products
1.0 September 21, 2017 Initial release

Frequently Asked Questions (FAQs)

How do I know what driver version I have installed?

  1. Launch Windows Device Manager.
  2. Select Display Adapters.
  3. Select the NVIDIA GPU node and right-click.
  4. Go to the Driver tab.

The driver version can be deciphered as shown in the following examples: 10.18.13.6472 is 364.72 and 10.18.13.472 is 304.72

Disclaimer

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

Was this answer helpful?
Your rating has been submitted, please tell us how we can make this answer more useful.

LIVE CHAT

Chat online with one of our support agents

CHAT NOW

ASK US A QUESTION

Contact Support for assistance

CONTACT US