Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8808

CWE-2645 documents5 sources

Severity

7.8HIGH

EPSS

0.4%

top 39.70%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nvidia GPU Driver

Timeline

PublishedNov 8

Latest updateMay 14

Description

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDnvidia/gpu_driver340 — 342.00+1

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-p72v-8rh8-8xhc: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342↗2022-05-14

▶

CVEList

CVE-2016-8808: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342↗2016-11-08

▶

💥Exploits & PoCs

Exploit-DB

NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5↗2016-10-31

▶

💬Community

Bugzilla

CVE-2015-8808 GraphicsMagick: out-of-bound read in the parsing of GIF files↗2016-02-08

▶