Security Bulletin: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver

Updated 05/15/2017 12:18 PM

A vulnerability in the NVIDIA driver could be used to gain local root privileges

Vulnerability Description

Memory corruption caused by an unsanitized pointer in the NVIDIA display driver could be used to gain local root privileges.

A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kernel driver to a user-specified memory location, potentially in the kernel address space. The user has a limited ability to influence the value of the integer that is written.
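
The bug class described above, modelled in user space as an added example (this is not NVIDIA driver code and not part of the bulletin): one handler writes a driver-held 32-bit value to a caller-chosen destination unchecked, the other validates the whole destination range first. The flat `memory` array, the region sizes, `driver_value` and all function names are constructed assumptions.

```c
/* Added illustration: a user-space model of the bug class. Not NVIDIA code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed address space: offsets [0, USER_SIZE) belong to the caller,
 * offsets [USER_SIZE, USER_SIZE + KERNEL_SIZE) model kernel memory. */
#define USER_SIZE   64u
#define KERNEL_SIZE 64u
static uint8_t memory[USER_SIZE + KERNEL_SIZE];

/* The 32-bit integer "stored in the kernel driver" (value is constructed). */
static const uint32_t driver_value = 0x11223344u;

/* Flawed handler: writes to whatever destination the caller supplied.
 * (The model only stays defined for dest + 4 <= sizeof memory.) */
int ioctl_unchecked(size_t dest)
{
    memcpy(&memory[dest], &driver_value, sizeof driver_value);
    return 0;
}

/* Overflow-safe range check: the whole write must land in the caller's
 * region. Plays the role access_ok()/copy_to_user() play in a Linux driver. */
static int user_range_ok(size_t dest, size_t len)
{
    return len <= USER_SIZE && dest <= USER_SIZE - len;
}

/* Hardened handler: rejects kernel, straddling, and wrapping destinations. */
int ioctl_checked(size_t dest)
{
    if (!user_range_ok(dest, sizeof driver_value))
        return -EFAULT;
    memcpy(&memory[dest], &driver_value, sizeof driver_value);
    return 0;
}

/* Returns 1 while no byte of the modelled kernel region has been changed. */
int kernel_intact(void)
{
    for (size_t i = USER_SIZE; i < sizeof memory; i++)
        if (memory[i] != 0)
            return 0;
    return 1;
}
```

The check is written as `dest <= USER_SIZE - len` rather than `dest + len <= USER_SIZE` so that a very large destination cannot wrap around and pass validation.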

Exploit Scope and Risk

This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products.

Common Vulnerability Scoring System

CVSS Base Score:            6.6
Exploitability Sub-score:   2.7
  Access Vector:            Local
  Access Complexity:        Medium
  Authentication:           Single
Impact Sub-score:           10
  Confidentiality Impact:   Complete
  Integrity Impact:         Complete
  Availability Impact:      Complete

Vulnerability Discovery

NVIDIA was informed of this issue by researcher Dario Weisser. Mr. Weisser reported the vulnerability and provided a proof-of-concept exploit that caused a denial of service on the system. Mr. Weisser also claimed to have an escalation of privilege exploit using the same vulnerability; this exploit was not provided to NVIDIA.


NVIDIA recommends that users upgrade to the fixed driver version - details below.


Branch    1st version including the fix
R352      353.82
R340      341.81


Branch    1st version including the fix
R304      304.128
R340      340.93
R352      352.41


Branch    1st version including the fix
R352      352.46
