CVE-2016-4960
high
CVSS v3
7.3
CVSS v4 NEW
โ
VIR risk
7.3
Description
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
Predictions
Exploit likelihood
72%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| nvidia | geforce_experience | - | |
| nvidia | geforce_910m | - | |
| nvidia | geforce_920m | - | |
| nvidia | geforce_920mx | - | |
| nvidia | geforce_930m | - | |
| nvidia | geforce_930mx | - | |
| nvidia | geforce_940m | - | |
| nvidia | geforce_940mx | - | |
| nvidia | geforce_945m | - | |
| nvidia | geforce_gt_710 | - | |
| nvidia | geforce_gt_730 | - | |
| nvidia | geforce_gtx_1050 | - | |
| nvidia | geforce_gtx_1060 | - | |
| nvidia | geforce_gtx_1070 | - | |
| nvidia | geforce_gtx_1080 | - | |
| nvidia | geforce_gtx_950m | - | |
| nvidia | geforce_gtx_960m | - | |
| nvidia | geforce_gtx_965m | - | |
| nvidia | nvs_310 | - | |
| nvidia | nvs_315 | - | |
| nvidia | nvs_510 | - | |
| nvidia | nvs_810 | - | |
| nvidia | quadro_k1200 | - | |
| nvidia | quadro_k420 | - | |
| nvidia | quadro_k620 | - | |
| nvidia | quadro_m1000m | - | |
| nvidia | quadro_m2000 | - | |
| nvidia | quadro_m2000m | - | |
| nvidia | quadro_m3000m | - | |
| nvidia | quadro_m4000 | - | |
| nvidia | quadro_m4000m | - | |
| nvidia | quadro_m5000 | - | |
| nvidia | quadro_m5000m | - | |
| nvidia | quadro_m500m | - | |
| nvidia | quadro_m5500 | - | |
| nvidia | quadro_m6000 | - | |
| nvidia | quadro_m600m | - | |
| nvidia | quadro_p5000 | - | |
| nvidia | quadro_p6000 | - | |
| nvidia | titan_x | - | |
References
- http://nvidia.custhelp.com/app/answers/detail/a_id/4213
- http://www.securityfocus.com/bid/93251
- https://support.lenovo.com/us/en/product_security/ps500070
- http://nvidia.custhelp.com/app/answers/detail/a_id/4213
- http://www.securityfocus.com/bid/93251
- https://support.lenovo.com/us/en/product_security/ps500070
CWEs
CWE-20
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.