CVE-2017-0316: Input Validation
First published: Mon Oct 16 2017(Updated: )
In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges.
Credit: psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA GeForce Experience | >=3.0<3.10.0.55 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-0316?
CVE-2017-0316 has a medium severity rating due to its potential for denial of service and privilege escalation.
How do I fix CVE-2017-0316?
To fix CVE-2017-0316, update GeForce Experience to version 3.10.0.55 or later.
Which versions of GeForce Experience are affected by CVE-2017-0316?
CVE-2017-0316 affects GeForce Experience versions prior to 3.10.0.55.
Does CVE-2017-0316 affect Microsoft Windows?
CVE-2017-0316 does not affect Microsoft Windows itself but is related to the GeForce Experience software running on it.
What happens if CVE-2017-0316 is exploited?
Exploitation of CVE-2017-0316 may lead to a denial of service or possible escalation of privileges for an attacker.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/nvidia
- canonical/nvidia geforce experience
- version/nvidia geforce experience/3.0
- vendor/microsoft
- canonical/microsoft windows