Kernel Mode Layer Vulnerability in NVIDIA Graphics Driver
CVE-2016-8805

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Quadro, Nvs, And Geforce (all Versions)
Vendor: CVE Published:; 8 November 2016

What is CVE-2016-8805?

A vulnerability exists in the NVIDIA Windows GPU Display Driver affecting various Quadro, NVS, and GeForce products. The vulnerability lies in the kernel mode layer (nvlddmkm.sys) where a specific value passed from the user is utilized without proper validation. This oversight allows for the possibility of user-controlled values to access an internal array, which could lead to denial of service or potentially escalating privileges, making systems susceptible to unauthorized access.

Affected Version(s)

Quadro, NVS, and GeForce (all ) Quadro, NVS, and GeForce (all versions)

References

https://support.lenovo.com/us/en/solutions/LEN-10822

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94001

vdb-entryx_refsource_BID

http://nvidia.custhelp.com/app/answers/detail/a_id/4247

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2016
Vulnerability Reserved
Oct 18, 2016

Nvidia

What is CVE-2016-8805?

Affected Version(s)

References

CVSS V3.1

Timeline