CVE-2016-7387

Published on: 11/08/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Windows from Microsoft contain the following vulnerability:

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.

  • CVE-2016-7387 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 7.2 - HIGH

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Security Bulletin: Vulnerabilities in NVIDIA Windows GPU Display Driver and NVIDIA GeForce Experience | NVIDIA Patch
Vendor Advisory
nvidia.custhelp.com
text/html
URL Logo CONFIRM nvidia.custhelp.com/app/answers/detail/a_id/4247
NVIDIA GPU Driver CVE-2016-7387 Local Privilege Escalation Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 93985
Solutions len 10822 Third Party Advisory
support.lenovo.com
text/html
URL Logo CONFIRM support.lenovo.com/us/en/solutions/LEN-10822
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D - Windows dos Exploit Exploit
Third Party Advisory
VDB Entry
www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 40659

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
MicrosoftWindowsAllAllAllAll
Operating
System
MicrosoftWindowsAllAllAllAll
ApplicationNvidiaGpu DriverAllAllAllAll
ApplicationNvidiaGpu DriverAllAllAllAll
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*: