阿里云漏洞库

漏洞描述

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://nvidia.custhelp.com/app/answers/detail/a_id/5383

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	nvidia	cloud_gaming_guest	*		Up to (excluding) 516.94
	运行在以下环境
	应用	nvidia	gpu_display_driver	*	From (including) 451.48	Up to (excluding) 453.64
	运行在以下环境
	应用	nvidia	gpu_display_driver	*	From (including) 471.11	Up to (excluding) 472.81
	运行在以下环境
	应用	nvidia	gpu_display_driver	*	From (including) 471.11	Up to (excluding) 473.81
	运行在以下环境
	应用	nvidia	gpu_display_driver	*	From (including) 511.09	Up to (excluding) 513.46
	运行在以下环境
	应用	nvidia	gpu_display_driver	*	From (including) 516.25	Up to (excluding) 516.94
	运行在以下环境
	应用	nvidia	studio	-	-
	运行在以下环境
	应用	nvidia	virtual_gpu	*	From (including) 11.0	Up to (excluding) 11.8
	运行在以下环境
	应用	nvidia	virtual_gpu	*	From (including) 13.0	Up to (excluding) 13.3
	运行在以下环境
	应用	nvidia	virtual_gpu	14.0	-
	运行在以下环境
	硬件	nvidia	geforce	-	-
	运行在以下环境
	硬件	nvidia	tesla	-	-

攻击路径

本地
攻击复杂度

低
权限要求

低
影响范围

未更改
用户交互

无
可用性

高
保密性

高
完整性

高

CWE-ID	漏洞类型
CWE-787	跨界内存写

nvidia gpu_display_driver 跨界内存写

漏洞描述

解决建议

参考链接

受影响软件情况