PatchSiren cyber security CVE debrief
CVE-2017-0311 Freebsd CVE debrief
CVE-2017-0311 is a high-severity access control flaw affecting NVIDIA GPU Display Driver R378 in the kernel mode layer handler. NVD rates the issue as local, low-complexity, and requiring low privileges, with potential impact to confidentiality, integrity, and availability. The reported effect is denial of service or possible escalation of privileges.
- Vendor
- Freebsd
- Product
- CVE-2017-0311
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-15
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-15
- Advisory updated
- 2026-05-13
Who should care
Organizations and individuals running affected NVIDIA GPU drivers on desktops, workstations, or servers should care most, especially where local users or untrusted code can run on the system. Platform owners should also review driver packages and update processes for systems that include NVIDIA graphics support.
Technical summary
NVD identifies the vulnerability as CWE-732, improper access control, in NVIDIA GPU driver software. The published CVSS v3.0 vector is AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating a local attack path with significant downstream impact if exploited. The source metadata lists NVIDIA GPU driver as vulnerable, while FreeBSD, Linux kernel, Microsoft Windows, and Oracle Solaris CPEs are marked not vulnerable in the NVD record provided.
Defensive priority
High for any environment that uses the affected NVIDIA driver line. Because exploitation is local and can lead to privilege escalation or service disruption, patching and driver version validation should be treated as a priority on multi-user systems and endpoints that permit local code execution.
Recommended defensive actions
- Review installed NVIDIA GPU driver versions and compare them with the vendor advisory referenced by NVD.
- Apply the vendor-recommended driver update or mitigation from NVIDIA PSIRT reference 4398.
- Restrict untrusted local code execution where feasible, since the attack path is local and requires low privileges.
- Validate that affected systems are not running the vulnerable driver package after remediation.
- Monitor for unexpected crashes, driver resets, or privilege-related anomalies on systems with NVIDIA graphics drivers.
Evidence notes
Primary evidence comes from the NVD CVE record modified 2026-05-13 and the CVE publication date 2017-02-15. NVD lists vendor advisory reference http://nvidia.custhelp.com/app/answers/detail/a_id/4398 and classifies the issue as CWE-732 with CVSS v3.0 vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The supplied NVD CPE data marks NVIDIA GPU driver as vulnerable and FreeBSD, Linux kernel, Microsoft Windows, and Oracle Solaris entries as not vulnerable.
Official resources
-
CVE-2017-0311 CVE record
CVE.org
-
CVE-2017-0311 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly disclosed on 2017-02-15; the NVD record was modified on 2026-05-13.