PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-0312 Microsoft CVE debrief

CVE-2017-0312 affects the NVIDIA Windows GPU Display Driver in the kernel-mode component nvlddmkm.sys. NVD describes a flaw in the DxgkDdiEscapeID 0x100008b handler where user-supplied input is used as a loop limit, creating a path to denial of service or potential privilege escalation. The issue is rated HIGH in NVD with a local attack vector and no user interaction required.

Vendor
Microsoft
Product
CVE-2017-0312
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-15
Original CVE updated
2026-05-13
Advisory published
2017-02-15
Advisory updated
2026-05-13

Who should care

Windows administrators, endpoint security teams, and users running NVIDIA GPU Display Driver packages on Windows systems should care most, especially where local users, untrusted software, or multi-user workloads are present.

Technical summary

The vulnerable code path is in the kernel-mode driver nvlddmkm.sys. According to NVD, the DxgkDdiEscapeID 0x100008b handler uses attacker-controlled input as the bound for a loop, which maps to improper input validation (CWE-20). NVD assigns CVSS v3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack requiring low privileges and capable of high impact if triggered.

Defensive priority

High. Treat as a kernel-driver security issue with potential local privilege escalation impact; prioritize patching or driver updates on exposed Windows endpoints and workstations.

Recommended defensive actions

  • Update NVIDIA GPU Display Driver packages to a vendor-fixed version referenced by the NVIDIA advisory.
  • Inventory Windows systems that load NVIDIA GPU drivers and identify any stale or unsupported driver releases.
  • Restrict local user access and reduce opportunities for untrusted code execution on affected endpoints.
  • Monitor for unusual crashes, driver resets, or kernel-mode instability on systems using the affected driver branch.
  • Validate that endpoint management and software baselines prevent reinstallation of vulnerable driver versions.

Evidence notes

NVD describes the flaw as a kernel-mode vulnerability in nvlddmkm.sys for DxgkDdiEscapeID 0x100008b where user-provided input is used as a loop limit, leading to denial of service or potential privilege escalation. The supplied NVD metadata assigns CVSS v3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and CWE-20. References in the corpus include a NVIDIA vendor advisory and an Exploit-DB reference. The supplied metadata also contains a vendor-field inconsistency: the description and vulnerable CPE point to NVIDIA GPU driver software, while the vendor object is labeled Microsoft.

Official resources

Publicly disclosed in the CVE record on 2017-02-15 and last modified in the supplied source data on 2026-05-13. No CISA KEV entry was provided in the corpus.