Vulnerability Description:
Kernel driver escape can allow access to restricted functionality.
Exploit Scope and Risk:
This issue can lead to increased risk of malicious code access to privileged resources. The vulnerability could be exploited to cause potential escalation of privilege, which could allow access to private information or cause denial of service to system resources.
The CVSS risk assessment is listed below.
CVSS Base Score - 7.2
Exploitability sub-score - 3.9
Access Vector: Local
Access Complexity: Low
Authentication: None
Impact sub-score - 10
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSS temporal sub-score - 5.3
Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommended consulting a local security or IT professional to evaluate the risk of your specific configuration.
Vulnerable Configurations:
The vulnerabilities in the Kernel Mode Driver layer exist only in NVIDIA Windows GPU drivers. These issues affect all GPU products and are not specific to any GPU-class device.
Vulnerability Discovery:
This issue was identified by NVIDIA.
Fix:
NVIDIA recommends that users upgrade to the fixed driver versions available on nvidia.com as listed in table below. Please note that all R358 and R361 branch drivers include the fix for this issue.
GeForce |
|||
OS |
Branch |
Supported GPUs |
First version that includes the fix |
Windows |
R361 |
All |
All R361 drivers |
Windows |
R358 |
All |
All R358 drivers |
Windows |
R340 |
Tesla generation only GPUs listed here |
341.95 |
Quadro, NVS |
|||
OS |
Branch |
Supported GPUs |
First version that includes the fix |
Windows |
R361 |
All |
All R361 drivers |
Windows |
R352 |
All |
354.74 |
Windows |
R340 |
All |
341.95 |
Mitigations:
Always observe the following safe computing practices:
Only download or execute content and programs from trusted third parties.
Run your system and programs with the least privilege necessary. Users should run without root privileges whenever possible.
When running as root, do not elevate privileges for activities or programs that don't need them.