CVE-2015-1170

Published Mar 6, 2015

Last updated 8 years ago

Overview

Description: The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_driver_r304:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC74053E-FBF0-4CF9-B2B9-437ABAE34D95",
            "versionEndIncluding": "309.07"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_driver_r340:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25E2781B-1C6F-4943-A88D-9642F4D0E4D3",
            "versionEndIncluding": "341.43"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_driver_r343:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C2353E8-A4E7-47E3-AB0C-6C6B013568A3",
            "versionEndIncluding": "345.19"
          },
          {
            "criteria": "cpe:2.3:a:nvidia:gpu_driver_r346:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B8DEF4C-8089-41FF-9587-C3B8A1329C61",
            "versionEndIncluding": "347.51"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References