CVE-2016-7386

MEDIUM

NVIDIA GPU Driver R340 < 342.00 and R375 < 375.63 - Kernel Memory Leak via DxgDdiEscape Handler

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7386. PoCs published by Google Security Research.

AI-analyzed exploit summary The analysis describes an information leak vulnerability in the NVIDIA GPU driver (CVE-2016-7386) where uninitialized kernel memory is copied to user space via the DxgkDdiEscape escape code 0x70000D4. The provided pseudocode and explanation detail the flaw but do not include executable exploit code.

Description

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/40656

The analysis describes an information leak vulnerability in the NVIDIA GPU driver (CVE-2016-7386) where uninitialized kernel memory is copied to user space via the DxgkDdiEscape escape code 0x70000D4. The provided pseudocode and explanation detail the flaw but do not include executable exploit code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: NVIDIA GPU driver (Windows)
No auth needed
Prerequisites: Access to the NVIDIA GPU driver escape code functionality
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-10822
Patch, Vendor Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93982
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40656/

Scores

CVSS v3 5.5
EPSS 0.0141
EPSS Percentile 69.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
n/a/Quadro, NVS, and GeForce (all versions) Quadro, NVS, and GeForce (all versions)
nvidia/gpu_driver 340 - 342.00
Published Nov 08, 2016
Tracked Since Feb 18, 2026