Bugs are inevitable in complex systems and software. Operating systems and device drivers are prime examples where layers of abstraction help hide complexity and allow hardware and software to communicate. Thus, when bugs are identified that could compromise, disrupt, or bring systems to a halt, care must be taken to address them. Talos, in coordination with NVIDIA, is disclosing the existence of a local denial of service bug in the NVIDIA Windows Kernel Mode Driver: TALOS-2016-0217 (CVE-2016-8823).
TALOS-2016-0217 manifests as a deficiency in the handling of messages in the communication functionality of the NVIDIA Windows Kernel Mode Driver. Exploitation of this flaw could result in a denial of service condition where the system enters a bug check (blue screen crash). The execution of an application that sends a specifically crafted message to the driver could trigger this vulnerability.
Known Affected Versions:
- NVIDIA GeForce Windows Kernel Mode Driver, 372.70 (21.21.13.7270)
- NVIDIA GeForce Windows Kernel Mode Driver, 372.90 (21.21.13.7290)
For further details about this vulnerability, please visit our Vulnerability Advisory portal on our website here:
http://www.talosintelligence.com/vulnerability-reports/
In response to the disclosure of this vulnerability, NVIDIA has released a software update, version 376.33, to address this flaw which is available for download. Additionally, Talos has developed Snort rules that detect attempt to exploit this vulnerability. Note that additional rules may be released at a future date and current rules are subject to change pending additional information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
Snort Rules: 40934-40935