Vulnerability Details : CVE-2016-8810
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100009a where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
Vulnerability category: Denial of service
Products affected by CVE-2016-8810
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8810
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8810
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-8810
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8810
-
http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Security Bulletin: Vulnerabilities in NVIDIA Windows GPU Display Driver and NVIDIA GeForce Experience | NVIDIAPatch;Vendor Advisory
-
https://www.exploit-db.com/exploits/40665/
NVIDIA Driver - Missing Bounds Check in Escape 0x100009aThird Party Advisory;VDB Entry
-
https://support.lenovo.com/us/en/solutions/LEN-10822
NVidia Windows GPU Display Driver Contains Multiple Vulnerabilities in the Kernel Mode Layer - USThird Party Advisory
-
http://www.securityfocus.com/bid/93997
NVIDIA GPU Display Driver CVE-2016-8810 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to