CVE-2017-0316 - OpenCVE

In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Nvidia	Geforce Experience

Configuration 1 [-]

AND

cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
http://nvidia.custhelp.com/app/answers/detail/a_id/4560	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2017-10-16T00:00:00

Updated: 2017-10-16T20:57:01

Reserved: 2016-11-23T00:00:00

Link: CVE-2017-0316

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-10-16T21:29:00.213

Modified: 2019-11-07T18:12:45.427

Link: CVE-2017-0316

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "GeForce Experience", "vendor": "Nvidia Corporation", "versions": [{"status": "affected", "version": "3.x"}]}], "datePublic": "2017-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service, Escalation of Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-16T20:57:01", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "DATE_PUBLIC": "2017-10-16T00:00:00", "ID": "CVE-2017-0316", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GeForce Experience", "version": {"version_data": [{"version_value": "3.x"}]}}]}, "vendor_name": "Nvidia Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service, Escalation of Privileges"}]}]}, "references": {"reference_data": [{"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"}]}}}}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2017-0316", "datePublished": "2017-10-16T00:00:00", "dateReserved": "2016-11-23T00:00:00", "dateUpdated": "2017-10-16T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", "matchCriteriaId": "5454038C-F1F0-4061-8B5C-04A8CF1658C6", "versionEndExcluding": "3.10.0.55", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges."}, {"lang": "es", "value": "En GeForce Experience (GFE) en versiones 3.x anteriores a la 3.10.0.55, NVIDIA Installer Framework contiene una vulnerabilidad en NVISystemService64 donde un valor pasado desde un usuario al controlador se usa sin validaci\u00f3n, lo que podr\u00eda conducir a una denegaci\u00f3n de servicio o una posible escalada de privilegios."}], "id": "CVE-2017-0316", "lastModified": "2019-11-07T18:12:45.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-16T21:29:00.213", "references": [{"source": "psirt@nvidia.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}