Sign-up

ID

VAR-201611-0008


CVE

CVE-2016-5025


TITLE

plural NVIDIA Product Windows GPU Service operation disruption in display drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005839

DESCRIPTION

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition

Trust: 1.89

sources: NVD: CVE-2016-5025 // JVNDB: JVNDB-2016-005839 // BID: 93251

AFFECTED PRODUCTS

vendor:nvidiamodel:gpu driverscope:gteversion:352.0

Trust: 1.0

vendor:nvidiamodel:gpu driverscope:ltversion:362.77

Trust: 1.0

vendor:nvidiamodel:gpu driverscope:gteversion:367

Trust: 1.0

vendor:nvidiamodel:gpu driverscope:ltversion:341.96

Trust: 1.0

vendor:nvidiamodel:gpu driverscope:ltversion:354.99

Trust: 1.0

vendor:nvidiamodel:gpu driverscope:ltversion:368.39

Trust: 1.0

vendor:nvidiamodel:gpu driverscope:gteversion:361

Trust: 1.0

vendor:nvidiamodel:gpu driverscope:gteversion:340

Trust: 1.0

vendor:nvidiamodel:gpu display driverscope:eqversion:(windows)

Trust: 0.8

vendor:nvidiamodel:gpu driverscope:eqversion:354.74

Trust: 0.6

vendor:nvidiamodel:gpu driverscope:eqversion:368.22

Trust: 0.6

vendor:nvidiamodel:gpu driverscope:eqversion:362.00

Trust: 0.6

vendor:nvidiamodel:gpu driverscope:eqversion:368.39

Trust: 0.6

vendor:nvidiamodel:gpu driverscope:eqversion:341.95

Trust: 0.6

vendor:nvidiamodel:quadro r367scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:quadro r361scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:quadro r352scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:quadro r340scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r367scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r361scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r352scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:nvs r340scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:geforce r367scope:eqversion:0

Trust: 0.3

vendor:nvidiamodel:geforce r340scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkstationscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkserverscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:systemscope:eqversion:x0

Trust: 0.3

vendor:lenovomodel:ideapadscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:desktopscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:systemscope:eqversion:x0

Trust: 0.3

vendor:nvidiamodel:quadro r367scope:neversion:368.39

Trust: 0.3

vendor:nvidiamodel:quadro r361scope:neversion:362.77

Trust: 0.3

vendor:nvidiamodel:quadro r352scope:neversion:354.99

Trust: 0.3

vendor:nvidiamodel:quadro r340scope:neversion:341.96

Trust: 0.3

vendor:nvidiamodel:nvs r367scope:neversion:368.39

Trust: 0.3

vendor:nvidiamodel:nvs r361scope:neversion:362.77

Trust: 0.3

vendor:nvidiamodel:nvs r352scope:neversion:354.99

Trust: 0.3

vendor:nvidiamodel:nvs r340scope:neversion:341.96

Trust: 0.3

vendor:nvidiamodel:geforce r367scope:neversion:368.69

Trust: 0.3

vendor:nvidiamodel:geforce r340scope:neversion:341.96

Trust: 0.3

sources: BID: 93251 // JVNDB: JVNDB-2016-005839 // CNNVD: CNNVD-201610-125 // NVD: CVE-2016-5025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5025
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-5025
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201610-125
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2016-5025
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2016-5025
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.7
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2016-005839 // CNNVD: CNNVD-201610-125 // NVD: CVE-2016-5025

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-005839 // NVD: CVE-2016-5025

THREAT TYPE

local

Trust: 0.9

sources: BID: 93251 // CNNVD: CNNVD-201610-125

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201610-125

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005839

PATCH
title:Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systemsurl:http://nvidia.custhelp.com/app/answers/detail/a_id/4213
Trust: 0.8
title:NVIDIA Quadro , NVS  and GeForce Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65443
Trust: 0.6
title:NVIDIA Quadro , NVS  and GeForce Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65294
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-005839 // 
            
            
            
            CNNVD: CNNVD-201610-125

EXTERNAL IDS
db:NVDid:CVE-2016-5025
Trust: 2.7
db:BIDid:93251
Trust: 1.9
db:JVNDBid:JVNDB-2016-005839
Trust: 0.8
db:CNNVDid:CNNVD-201610-125
Trust: 0.6
sources:
            
            
            BID: 93251 // 
            
            
            
            JVNDB: JVNDB-2016-005839 // 
            
            
            
            CNNVD: CNNVD-201610-125 // 
            
            
            
            NVD: CVE-2016-5025

REFERENCES
url:https://support.lenovo.com/us/en/product_security/ps500070
Trust: 1.9
url:http://www.securityfocus.com/bid/93251
Trust: 1.6
url:http://nvidia.custhelp.com/app/answers/detail/a_id/4213
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5025
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5025
Trust: 0.8
url:http://www.nvidia.com
Trust: 0.3
url:http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce
Trust: 0.3
sources:
            
            
            BID: 93251 // 
            
            
            
            JVNDB: JVNDB-2016-005839 // 
            
            
            
            CNNVD: CNNVD-201610-125 // 
            
            
            
            NVD: CVE-2016-5025

CREDITS
Alin Ghica, Joseph Bialek of Microsoft Vulnerability Research and Daniel Cornel.
Trust: 0.3
sources:
            
            
            BID: 93251

SOURCES
db:BIDid:93251
db:JVNDBid:JVNDB-2016-005839
db:CNNVDid:CNNVD-201610-125
db:NVDid:CVE-2016-5025

LAST UPDATE DATE
2024-11-23T22:01:22.778000+00:00

SOURCES UPDATE DATE
db:BIDid:93251date:2016-10-03T00:03:00
db:JVNDBid:JVNDB-2016-005839date:2016-11-14T00:00:00
db:CNNVDid:CNNVD-201610-125date:2019-05-31T00:00:00
db:NVDid:CVE-2016-5025date:2024-11-21T02:53:28.603

SOURCES RELEASE DATE
db:BIDid:93251date:2016-08-11T00:00:00
db:JVNDBid:JVNDB-2016-005839date:2016-11-14T00:00:00
db:CNNVDid:CNNVD-201610-125date:2016-09-29T00:00:00
db:NVDid:CVE-2016-5025date:2016-11-08T20:59:04.630