CVE-2015-8328

Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-7869 per ADT2 and ADT3 due to different vulnerability types and affected versions.

CVSS v2.0 6.6 MEDIUM

6.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:P/A:C

Exploitability : 3.4 / Impact : 9.5

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1034176	Third Party Advisory VDB Entry
http://nvidia.custhelp.com/app/answers/detail/a_id/3808/kw/security	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nvidia:gpu_driver::::::::
	cpe:2.3:a:nvidia:gpu_driver::::::::
	cpe:2.3:a:nvidia:gpu_driver::::::::

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Information

Published : 2015-11-24 12:59

Updated : 2019-02-14 11:25

NVD link : CVE-2015-8328

Mitre link : CVE-2015-8328

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

nvidia

gpu_driver

microsoft

windows

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id/1034176", "name": "1034176", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3808/kw/security", "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/3808/kw/security", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-7869 per ADT2 and ADT3 due to different vulnerability types and affected versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-8328", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 9.5, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-11-24T20:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "354.35", "versionStartIncluding": "352"}, {"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "358.87", "versionStartIncluding": "358"}, {"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "341.92", "versionStartIncluding": "340"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-02-14T19:25Z"}