cve-2016-4960
Vulnerability from cvelistv5
Published
2016-11-08 20:37
Modified
2024-08-06 00:46
Severity ?
Summary
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
References
psirt@nvidia.comhttp://nvidia.custhelp.com/app/answers/detail/a_id/4213Patch, Vendor Advisory
psirt@nvidia.comhttp://www.securityfocus.com/bid/93251
psirt@nvidia.comhttps://support.lenovo.com/us/en/product_security/ps500070
af854a3a-2127-422b-91ae-364da2661108http://nvidia.custhelp.com/app/answers/detail/a_id/4213Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93251
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/product_security/ps500070
Impacted products
Vendor Product Version
n/a Quadro, NVS, GeForce (all versions) Version: Quadro, NVS, GeForce (all versions)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:39.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/ps500070"
          },
          {
            "name": "93251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93251"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Quadro, NVS, GeForce (all versions)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Quadro, NVS, GeForce (all versions)"
            }
          ]
        }
      ],
      "datePublic": "2016-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-13T17:57:01",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/ps500070"
        },
        {
          "name": "93251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93251"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@nvidia.com",
          "ID": "CVE-2016-4960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Quadro, NVS, GeForce (all versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Quadro, NVS, GeForce (all versions)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
            },
            {
              "name": "https://support.lenovo.com/us/en/product_security/ps500070",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/ps500070"
            },
            {
              "name": "93251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93251"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2016-4960",
    "datePublished": "2016-11-08T20:37:00",
    "dateReserved": "2016-05-23T00:00:00",
    "dateUpdated": "2024-08-06T00:46:39.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4960\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2016-11-08T20:59:02.567\",\"lastModified\":\"2024-11-21T02:53:18.470\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.\"},{\"lang\":\"es\",\"value\":\"Para los productos NVIDIA Quadro, NVS y GeForce, el componente de servicio NVIDIA NVStreamKMS.sys est\u00e1 validando incorrectamente los datos suministrados por el usuario a trav\u00e9s de sus puntos de entrada de la API lo que causa una elevaci\u00f3n de privilegios.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nvidia:geforce_experience:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DC7A2F9-5F65-4203-B171-6109E61B5F2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6C6E52F-EE00-4CE3-B9F9-0ED847DE3FB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26641568-53CE-4606-B2CA-C25A97795A50\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02BAA7E2-E4F5-44C9-BEDF-7425B0C56578\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05A831E4-1119-45F0-B9A0-4D948ECD47E6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F50D6AC-3D1E-4E54-8422-B717456F6257\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03CBD29C-A606-45DE-B2FB-8572B986A4F0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44BF5DC1-4609-4F34-9511-785F7B119ADE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3724F083-A7FC-4069-AC35-FB8AA08B6CCD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B72BBAC-CEBD-4405-B1EC-7535794FF5EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2C9365F-B4A5-4EA2-917B-2F07457017EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D835EE77-6031-40D6-8305-F962F42E7018\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0ED6F8E-1F82-4C50-9EEF-A5F58DB440AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E884CEDD-CAA5-489D-A526-B628BB3DE460\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E3455DE-4408-4603-86B2-5ECE76ED459C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C29EDF54-BEA4-49B4-96E9-CDE62F38E3DF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EAB33B6-E270-4C11-8E57-2BE127C86134\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF0C08C8-AC1B-4A01-903A-FB56B75CAE55\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B376C04-8A35-42E7-8937-1A466E89639A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F13EE983-724F-472B-BCF5-B416D1DF27E1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDF0898-E092-42BA-A777-FB7C5FFC4D3C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41B48700-10AB-4194-94BC-D0F177D0B56A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B84A5C10-5B3E-48F1-8F66-4B9EE9C78D24\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3B7EE4-080F-4E3C-8304-0837AC20ECCD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E03A4C2-72EF-44FC-9F97-626C8E8A17EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3896B47E-8787-45D2-96B3-BF4892780F35\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"316C9573-7C7D-4429-8563-B74FD752AC51\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEC13EF-BB2F-4ED2-BC8B-8234ABAEEE02\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E13B65-F61B-44D4-B1D7-1E96D9CB45BD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76ABA317-6621-4D57-874F-307451EC9C2E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477D72B5-A3EA-440A-B495-8A09E8564E8D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B507EE-F005-4806-A8FC-8C8D9A31B0DB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAD67DC6-AA36-4F93-B8DB-77EB8C153BCA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E707A80B-6482-47DD-8BF3-6E58BC2C697A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E8D2AC7-DC75-4BBA-BF4E-58BF88B49B11\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED233BC3-6982-41E1-9205-5159C17A4A56\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C186F38-89C7-4616-A424-201804F842C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCDC421C-3B8F-4EAA-A2D4-14C14CD7F3DB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60176B23-2751-4415-A0D3-DF1BE640F6C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FABA79A-A70A-40A5-ADA7-893EAB42FE9E\"}]}]}],\"references\":[{\"url\":\"http://nvidia.custhelp.com/app/answers/detail/a_id/4213\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93251\",\"source\":\"psirt@nvidia.com\"},{\"url\":\"https://support.lenovo.com/us/en/product_security/ps500070\",\"source\":\"psirt@nvidia.com\"},{\"url\":\"http://nvidia.custhelp.com/app/answers/detail/a_id/4213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.lenovo.com/us/en/product_security/ps500070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.