First published: Tue Nov 08 2016(Updated: )
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000014 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
Credit: psirt@nvidia.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nvidia Gpu Driver | >=340<342.00 | |
Nvidia Gpu Driver | >=375<375.63 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-8805 is rated as a high severity vulnerability due to its potential impact on system stability and security.
To fix CVE-2016-8805, update the NVIDIA GPU Display Driver to version 342.00 or later for R340 series, and version 375.63 or later for R375 series.
CVE-2016-8805 affects NVIDIA Quadro, NVS, and GeForce products that are using specific versions of the NVIDIA Windows GPU Display Driver.
CVE-2016-8805 can potentially be exploited by local attackers with standard user privileges who can send crafted commands to the GPU driver.
Exploitation of CVE-2016-8805 may lead to denial of service or escalation of privileges, allowing an attacker to execute arbitrary code.