PatchSiren cyber security CVE debrief
CVE-2017-0322 Microsoft CVE debrief
CVE-2017-0322 affects NVIDIA Windows GPU Display Driver versions described by NVD as vulnerable across the gpu_driver product line. The issue is in the kernel-mode layer (nvlddmkm.sys) handler, where a user-controlled value is not correctly validated before being used as an array index. NVD rates the weakness as CVE-3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and maps it to CWE-129 (improper validation of array index). The practical impact is denial of service and potential escalation of privileges on affected Windows systems. NVIDIA’s vendor advisory is the primary remediation reference in the supplied corpus.
- Vendor
- Microsoft
- Product
- CVE-2017-0322
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-15
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-15
- Advisory updated
- 2026-05-13
Who should care
Windows administrators, endpoint security teams, and users running NVIDIA Windows GPU Display Driver on systems where local users or untrusted code may reach the driver interface. This is especially relevant for environments that allow non-admin software execution on workstations, VDI hosts, or shared systems.
Technical summary
The flaw is a kernel-mode validation error in nvlddmkm.sys. A value supplied from user space is used as an array index without sufficient validation, creating an out-of-bounds or incorrect-index condition. Because the issue is in the driver’s kernel-mode path, successful abuse could affect system stability and integrity, not just the application process. The supplied NVD metadata associates the issue with CWE-129 and a local attack vector.
Defensive priority
High. Kernel-mode driver flaws can have system-wide impact, and the supplied CVSS score is 7.8 (High). Treat this as a priority patching and validation item for any endpoint fleet using affected NVIDIA Windows GPU drivers.
Recommended defensive actions
- Review the NVIDIA advisory linked in the NVD record for fixed releases and mitigation guidance.
- Inventory Windows systems with NVIDIA GPU drivers to determine exposure.
- Prioritize patching on endpoints where local user access or third-party software execution is common.
- Test driver updates in a controlled rollout before broad deployment, especially on graphics-sensitive systems.
- If immediate patching is not possible, reduce exposure by limiting untrusted local code execution and tightening local user permissions where feasible.
- Recheck your vulnerability management source of truth for updates, since the NVD record was modified later and may contain additional reference detail.
Evidence notes
Source evidence in the supplied corpus identifies the vulnerable component as NVIDIA Windows GPU Display Driver and the affected kernel-mode handler as nvlddmkm.sys. NVD lists the weakness as CWE-129 and the CVSS v3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, with a vendor advisory reference from NVIDIA PSIRT (http://nvidia.custhelp.com/app/answers/detail/a_id/4398). The CVE publication date used here is 2017-02-15T23:59:00.540Z, per the supplied timeline fields.
Official resources
-
CVE-2017-0322 CVE record
CVE.org
-
CVE-2017-0322 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly disclosed on 2017-02-15. The supplied corpus does not include a KEV listing or known ransomware campaign use.