CVE-2016-7384

HIGH

NVIDIA GPU Driver R340 < 342.00 & R375 < 375.63 - DoS or Privilege Escalation via UVMLiteController IOCTL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7384. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit targets a vulnerability in the nvlddmkm.sys driver, specifically the \\.\UVMLiteController device, which allows arbitrary memory writes due to lack of validation for input/output buffers. The PoC triggers a BSOD by writing to an invalid memory address (0x4141414141414141+0x30).

Description

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/40655

View Code ZIP pw:eip

The exploit targets a vulnerability in the nvlddmkm.sys driver, specifically the \\.\UVMLiteController device, which allows arbitrary memory writes due to lack of validation for input/output buffers. The PoC triggers a BSOD by writing to an invalid memory address (0x4141414141414141+0x30).

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: NVIDIA nvlddmkm.sys driver (versions affected by CVE-2016-7384)

No auth needed

Prerequisites: Access to a system with vulnerable NVIDIA driver · Ability to execute arbitrary code in user mode

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory x_refsource_confirm

https://support.lenovo.com/us/en/solutions/LEN-10822

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40655/

Patch, Vendor Advisory x_refsource_confirm

http://nvidia.custhelp.com/app/answers/detail/a_id/4247

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/93983

Scores

CVSS v3 7.8

EPSS 0.0146

EPSS Percentile 70.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (2)

n/a/Quadro, NVS, and GeForce (all versions) Quadro, NVS, and GeForce (all versions)

nvidia/gpu_driver 340 - 342.00

Published Nov 08, 2016

Tracked Since Feb 18, 2026