- Description
- The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:gpu_driver_r304:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC74053E-FBF0-4CF9-B2B9-437ABAE34D95",
"versionEndIncluding": "309.07"
},
{
"criteria": "cpe:2.3:a:nvidia:gpu_driver_r340:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25E2781B-1C6F-4943-A88D-9642F4D0E4D3",
"versionEndIncluding": "341.43"
},
{
"criteria": "cpe:2.3:a:nvidia:gpu_driver_r343:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C2353E8-A4E7-47E3-AB0C-6C6B013568A3",
"versionEndIncluding": "345.19"
},
{
"criteria": "cpe:2.3:a:nvidia:gpu_driver_r346:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B8DEF4C-8089-41FF-9587-C3B8A1329C61",
"versionEndIncluding": "347.51"
}
],
"operator": "OR"
}
]
}
]