CVE-2016-8808 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-8808 PUBLISHED CVSS 7.800000190734863 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

EPSS 0.39% · 60.1th percentile

Risk Scores

CVSS v3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.39%

60.1th percentile

Affected Products

Vendor	Product	Versions
n/a	Quadro, NVS, and GeForce (all versions)	Quadro, NVS, and GeForce (all versions)
nvidia	gpu_driver	340, 375

Timeline

Oct 31, 2016 PoC Published
Nov 1, 2016 PoC Published
Nov 8, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://support.lenovo.com/us/en/solutions/LEN-10822 url
40666 exploit
http://nvidia.custhelp.com/app/answers/detail/a_id/4247 url
93999 vdb
https://nvd.nist.gov/vuln/detail/CVE-2016-8808 advisory
https://www.exploit-db.com/exploits/40666 url

Open in Interactive Console →