PatchSiren cyber security CVE debrief
CVE-2017-0308 Microsoft CVE debrief
CVE-2017-0308 is a high-severity vulnerability in NVIDIA's Windows GPU Display Driver kernel-mode component. According to NVD, untrusted input is used in a buffer size calculation in the nvlddmkm.sys DxgkDdiEscape handler, which can result in denial of service or escalation of privileges. The issue is local, requires low privileges, and is classified by NVD as CWE-119. From a defensive perspective, this is primarily a workstation, VDI, and endpoint hardening issue for systems running affected NVIDIA GPU drivers.
- Vendor
- Microsoft
- Product
- CVE-2017-0308
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-15
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-15
- Advisory updated
- 2026-05-13
Who should care
Windows endpoint, workstation, VDI, and desktop engineering teams; security operations teams; and administrators responsible for systems with NVIDIA GPU display drivers installed.
Technical summary
NVD describes the flaw as an input-validation problem in the NVIDIA Windows GPU Display Driver kernel-mode layer (nvlddmkm.sys), specifically in the DxgkDdiEscape handler. Untrusted input is used for a buffer size calculation, which can enable denial of service or privilege escalation. NVD assigns CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H and weakness CWE-119. The affected CPE in the record is NVIDIA GPU driver for Windows; the Microsoft CPE shown in the record is marked non-vulnerable.
Defensive priority
High. Because the flaw can lead to kernel-mode impact and local privilege escalation on affected systems, patching or driver remediation should be prioritized on any Windows endpoint that relies on NVIDIA GPU drivers.
Recommended defensive actions
- Check Windows systems for installed NVIDIA GPU display drivers and identify versions affected by the advisory referenced in NVD.
- Apply the vendor-recommended driver update or mitigation from NVIDIA PSIRT advisory 4398.
- Prioritize remediation on privileged workstations, engineering systems, and VDI hosts where local abuse would have broader impact.
- If immediate patching is not possible, reduce exposure by limiting unnecessary local access and monitoring for suspicious driver-related crashes or privilege-escalation activity.
- Track remediation using the CVE record and NVD entry to confirm the affected driver package is no longer present.
Evidence notes
The core facts come from the NVD CVE record and its referenced NVIDIA vendor advisory. NVD lists the vulnerability as affecting NVIDIA GPU drivers on Windows, with a kernel-mode issue in nvlddmkm.sys DxgkDdiEscape handling. The CVSS vector and CWE-119 classification are taken from the NVD metadata. The provided vendor field in the input says Microsoft, but the source corpus indicates NVIDIA as the affected vendor; this debrief follows the source corpus and official references.
Official resources
-
CVE-2017-0308 CVE record
CVE.org
-
CVE-2017-0308 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly disclosed on 2017-02-15 per the CVE and NVD publication timestamp. The NVD record was modified on 2026-05-13, but that is not the original disclosure date.