PatchSiren

CVE-2017-0314 Microsoft CVE debrief

CVE-2017-0314 is a high-severity vulnerability in the NVIDIA Windows GPU Display Driver kernel-mode layer. According to NVD and the referenced NVIDIA advisory, untrusted input in DxgkDdiSubmitCommandVirtual can reference memory outside the intended buffer boundary, creating a path to denial of service or privilege escalation.

Vendor: Microsoft
Product: CVE-2017-0314
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-15
Original CVE updated: 2026-05-13
Advisory published: 2017-02-15
Advisory updated: 2026-05-13

Who should care

Windows endpoint teams, workstation and VDI administrators, and security teams managing systems that use NVIDIA GPU drivers should care most. The issue is especially relevant on affected hosts where low-privileged local users exist or local code execution is possible.

Technical summary

NVD describes the flaw as occurring in nvlddmkm.sys, specifically in the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual). The weakness is classified as CWE-119, and the CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local attack requiring low privileges but with potentially severe confidentiality, integrity, and availability impact.

Defensive priority

High. The vulnerability is local in attack vector, but the combination of low privilege requirements and high impact makes it important to prioritize on any system running affected NVIDIA Windows GPU Display Driver versions.

Recommended defensive actions

  • Identify Windows systems that use NVIDIA GPU Display Driver packages and prioritize them for review.
  • Check the NVIDIA advisory referenced by NVD (a_id/4398) for vendor guidance and any remediated driver releases.
  • Apply vendor-provided driver updates or mitigations as soon as an approved fixed package is available.
  • Use least-privilege access on endpoints and restrict unnecessary local user access on high-value systems.
  • Validate that driver update processes cover workstations, VDI hosts, and other GPU-enabled Windows fleets.
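
One way to carry out the first and last actions above is a driver inventory across the fleet. The script below is an added example, not code from the NVD record or the NVIDIA advisory. Its parameter and function names are hypothetical, the conversion from the Windows driver version to the NVIDIA release number follows the usual NVIDIA convention, and MinimumRelease is a placeholder to be filled in from the vendor advisory because this page states no fixed version.

```powershell
# Added example: inventory NVIDIA display drivers on Windows hosts (names are hypothetical).
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    # Placeholder: lowest remediated release from the NVIDIA advisory.
    # Assumption: one minimum for all branches; the advisory may list one per branch.
    [decimal]$MinimumRelease = 0
)

function Convert-ToNvidiaRelease {
    param([Parameter(Mandatory)][string]$DriverVersion)
    # Convention: Windows reports e.g. 21.21.13.7654; the last five digits are release 376.54.
    $digits = $DriverVersion -replace '\D', ''
    if ($digits.Length -lt 5) { return $null }
    $tail = $digits.Substring($digits.Length - 5)
    return [decimal]::Parse($tail.Insert(3, '.'), [cultureinfo]::InvariantCulture)
}

$report = foreach ($computer in $ComputerName) {
    # Query the local host directly so the script works without WinRM enabled locally.
    $cim = @{ ClassName = 'Win32_VideoController'; ErrorAction = 'Stop' }
    if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }
    try {
        $adapters = Get-CimInstance @cim |
            Where-Object { $_.Name -like '*NVIDIA*' -or $_.AdapterCompatibility -like '*NVIDIA*' }
    } catch {
        # Unreachable hosts stay in the report so coverage gaps are visible.
        [pscustomobject]@{ Computer = $computer; Adapter = $null; DriverVersion = $null
                           Release = $null; Status = "QueryFailed: $($_.Exception.Message)" }
        continue
    }
    foreach ($a in $adapters) {
        $release = Convert-ToNvidiaRelease -DriverVersion $a.DriverVersion
        $status = if ($null -eq $release) { 'UnparsedVersion' }
                  elseif ($MinimumRelease -eq 0) { 'ReviewAgainstAdvisory' }
                  elseif ($release -lt $MinimumRelease) { 'BelowMinimum' }
                  else { 'AtOrAboveMinimum' }
        [pscustomobject]@{ Computer = $computer; Adapter = $a.Name; DriverVersion = $a.DriverVersion
                           Release = $release; Status = $status }
    }
}
$report | Sort-Object Status, Computer | Format-Table -AutoSize
```

Hosts that return QueryFailed are the ones the update process may not be reaching, so they belong in the review list alongside any host flagged BelowMinimum.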

Evidence notes

The supplied NVD record says all versions of NVIDIA Windows GPU Display Driver are affected and ties the flaw to nvlddmkm.sys in DxgkDdiSubmitCommandVirtual. The NVD metadata includes CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and CWE-119. NVD also lists the NVIDIA vendor advisory as a reference. The CVE was published on 2017-02-15; later modified metadata dates should not be treated as the issue date.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-02-15, with an NVIDIA vendor advisory referenced by NVD.