CVE-2016-8809

moderate-risk

Published 2016-11-08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

Do I need to act?

0.26% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40664

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (1)

Gpu Driver

Affected Vendors

Nvidia

References (8)

Patch http://nvidia.custhelp.com/app/answers/detail/a_id/4247

Third Party Advisory http://www.securityfocus.com/bid/93992

Third Party Advisory https://support.lenovo.com/us/en/solutions/LEN-10822

Third Party Advisory https://www.exploit-db.com/exploits/40664/

Patch http://nvidia.custhelp.com/app/answers/detail/a_id/4247

Third Party Advisory http://www.securityfocus.com/bid/93992

Third Party Advisory https://support.lenovo.com/us/en/solutions/LEN-10822

Third Party Advisory https://www.exploit-db.com/exploits/40664/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 8/34 · Low

Exposure 5/34 · Minimal