Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7386

CWE-200Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.3%
top 48.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Nvidia GPU Driver
Timeline
PublishedNov 8
Latest updateMay 14

Description

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDnvidia/gpu_driver340342.00+1

Patches

Patch: nvidia.custhelp.comPatch: nvidia.custhelp.com

🔴Vulnerability Details

2
GHSA
GHSA-p2pm-79xh-79wr: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 3422022-05-14
CVEList
CVE-2016-7386: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 3422016-11-08

💥Exploits & PoCs

1
Exploit-DB
NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace2016-10-31
CVE-2016-7386 (MEDIUM CVSS 5.5) | For the NVIDIA Quadro | cvebase.io