Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8812Improper Restriction of Operations within the Bounds of a Memory Buffer in Nvidia Geforce Experience

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 40.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Nvidia Geforce Experience
Timeline
PublishedNov 8
Latest updateMay 17

Description

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages1 packages

Patches

Patch: nvidia.custhelp.comPatch: nvidia.custhelp.com

🔴Vulnerability Details

5
GHSA
GHSA-2qfm-pppv-fqqv: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 22022-05-17
CVEList
CVE-2016-8812: For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 22016-11-08
OSV
linux-lts-wily vulnerabilities2016-04-06
OSV
linux-lts-vivid vulnerabilities2016-04-06
OSV
linux vulnerabilities2016-04-06

💥Exploits & PoCs

1
Exploit-DB
NVIDIA Driver - NvStreamKms 'PsSetCreateProcessNotifyRoutineEx Local Stack Buffer Overflow Callback / Local Privilege Escalation2016-10-31
CVE-2016-8812 — Nvidia Geforce Experience vulnerability | cvebase