CVE-2016-8808 — Vulnetix

CVE-2016-8808 PUBLISHED CVSS 7.800000190734863 HIGH

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

EPSS 0.83% · 75.0th percentile

Risk Scores

CVSS 3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.83%

75.0th percentile

Affected Products

Vendor	Product	Versions
n/a	Quadro, NVS, and GeForce (all versions)	Quadro, NVS, and GeForce (all versions)
nvidia	gpu_driver	340, 375

Exploit Intelligence

CIRCL exploited: CVE-2016-8808 (circl-sighting)
https://support.lenovo.com/us/en/solutions/LEN-10822 (circl)
http://nvidia.custhelp.com/app/answers/detail/a_id/4247 (circl)
93999 (circl)
40666 (cve.org)
NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5 Exploit (0day-today)
NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5 Exploit (0day-today)

Timeline

Oct 31, 2016 PoC Published
Nov 1, 2016 PoC Published
Nov 8, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://support.lenovo.com/us/en/solutions/LEN-10822 url
40666 exploit
http://nvidia.custhelp.com/app/answers/detail/a_id/4247 url
93999 vdb
https://nvd.nist.gov/vuln/detail/CVE-2016-8808 advisory
https://www.exploit-db.com/exploits/40666 url

Open in Interactive Console →