CVE Daily
← All tags

Tag: NVIDIA Driver

All CVEs associated with "NVIDIA Driver". Page 9/9 • 1025 CVEs.

Subscribe CVEs: RSS for “NVIDIA Driver”  ·  RSS (High+Critical only)

About “NVIDIA Driver”

A curated feed of “NVIDIA Driver”-related CVEs appears below. We currently track 1025 CVEs for this tag (all time). In the last 365 days, 251 were published. Average CVSS is 6.8 (all time; 7.0 over 365d), and 60% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-502 - Deserialization of Untrusted Data, CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Drivers and firmware affect stability and security. Update firmware or drivers, plan reboots, and validate compatibility on pilot groups first. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2016-11-08
High

CVE-2016-4959

For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2016-3161

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successf…

CVSS: 7.8 CWE: N/A View on NVD
2016-10-10
Medium

CVE-2016-6688

The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6687

The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6686

The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-6677

The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-6673

The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3930

The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-09-11
High

CVE-2016-3873

The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-08-05
High

CVE-2016-3848

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-3847

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-07-11
Medium

CVE-2016-3815

The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2016-3814

The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2016-3793

The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-3769

The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-06-19
High

CVE-2016-1861

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted ap…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-06-13
High

CVE-2016-2491

The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-2490

The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-05-20
High

CVE-2016-1846

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-05-09
High

CVE-2016-2446

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354.

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-2445

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079.

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-2444

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332.

CVSS: 7.0 CWE: CWE-264 View on NVD
High

CVE-2016-2437

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-2436

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-2435

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-2434

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-04-12
High

CVE-2016-2558

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a…

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-2557

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from ker…

CVSS: 8.4 CWE: CWE-264 View on NVD
High

CVE-2016-2556

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which…

CVSS: 7.8 CWE: CWE-264 View on NVD
2016-03-24
Critical

CVE-2016-1741

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) vi…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2015-11-24
Medium

CVE-2015-8328

Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive…

CVSS: 6.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-7869

Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before…

CVSS: 6.6 CWE: CWE-189 View on NVD
High

CVE-2015-7866

Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 bef…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2015-7865

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to…

CVSS: 7.7 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2015-5053

The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict acc…

CVSS: 10.0 CWE: CWE-284 - Improper Access Control View on NVD
2015-10-23
Medium

CVE-2015-7020

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read…

CVSS: 5.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-7019

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read…

CVSS: 5.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2015-09-30
Medium

CVE-2015-5950

The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA…

CVSS: 6.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2015-07-18
High

CVE-2015-3625

The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R…

CVSS: 7.2 CWE: CWE-264 View on NVD
2015-07-03
Critical

CVE-2015-3712

The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2015-04-10
High

CVE-2015-1137

The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.

CVSS: 7.2 CWE: N/A View on NVD
2015-03-06
High

CVE-2015-1170

The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel adm…

CVSS: 7.2 CWE: CWE-264 View on NVD
2015-02-06
Medium

CVE-2014-5332

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by us…

CVSS: 6.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2014-12-10
High

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and…

CVSS: 7.5 CWE: CWE-19 View on NVD
2014-01-21
High

CVE-2013-5987

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.

CVSS: 7.2 CWE: N/A View on NVD
Critical

CVE-2013-5986

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987.

CVSS: 10.0 CWE: N/A View on NVD
2013-09-18
Low

CVE-2013-1729

The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.

CVSS: 2.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2013-07-10
Medium

CVE-2013-2874

Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL…

CVSS: 4.3 CWE: CWE-264 View on NVD
2013-04-08
High

CVE-2013-0131

Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users…

CVSS: 7.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-0111

daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service pa…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2013-0110

nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2013-0109

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cau…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2012-11-19
High

CVE-2012-4225

NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0.

CVSS: 7.2 CWE: CWE-264 View on NVD
2012-06-05
Critical

CVE-2012-3105

The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMon…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2012-05-16
Critical

CVE-2011-3101

Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MF…

CVSS: 10.0 CWE: N/A View on NVD
2012-04-22
Medium

CVE-2012-0946

The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.

CVSS: 4.6 CWE: CWE-264 View on NVD
2011-12-27
High

CVE-2011-4784

The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properly handle commands sent to a named pipe, which allows local users to gain privileges via a crafted application.

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2011-06-30
High

CVE-2011-2603

The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as d…

CVSS: 7.1 CWE: CWE-399 View on NVD
High

CVE-2011-2602

The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla F…

CVSS: 7.1 CWE: CWE-399 View on NVD
2011-01-22
Low

CVE-2011-0636

The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2008-11-18
Medium

CVE-2008-5144

nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-07-27
High

CVE-2007-3532

NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which…

CVSS: 7.2 CWE: CWE-264 View on NVD
2007-07-25
Medium

CVE-2007-3531

The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.

CVSS: 6.6 CWE: N/A View on NVD
2006-12-07
Medium

CVE-2006-6340

keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this i…

CVSS: 5.0 CWE: N/A View on NVD
2006-10-18
High

CVE-2006-5379

The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to…

CVSS: 7.5 CWE: N/A View on NVD