Skip to main content

Improper Validation of Array Index

CVE-2017-0345

Severity High
Score 7.8/10

Summary

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-129 - Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

Advisory Timeline

  • Published