Vulnerability Details CVE-2016-7391
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel memory, leading to denial of service or potential escalation of privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://nvidia.custhelp.com/app/answers/detail/a_id/4247
- http://www.securityfocus.com/bid/93987
- https://support.lenovo.com/us/en/solutions/LEN-10822
- https://www.exploit-db.com/exploits/40661/
- http://nvidia.custhelp.com/app/answers/detail/a_id/4247
- http://www.securityfocus.com/bid/93987
- https://support.lenovo.com/us/en/solutions/LEN-10822
- https://www.exploit-db.com/exploits/40661/
Products affected by CVE-2016-7391
-
cpe:2.3:a:nvidia:gpu_driver:340
-
cpe:2.3:a:nvidia:gpu_driver:340.52
-
cpe:2.3:a:nvidia:gpu_driver:340.65
-
cpe:2.3:a:nvidia:gpu_driver:340.76
-
cpe:2.3:a:nvidia:gpu_driver:340.96
-
cpe:2.3:a:nvidia:gpu_driver:340.98
-
cpe:2.3:a:nvidia:gpu_driver:341.92
-
cpe:2.3:a:nvidia:gpu_driver:341.96
-
cpe:2.3:a:nvidia:gpu_driver:341.98
-
cpe:2.3:a:nvidia:gpu_driver:375
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista