CVE-2016-8806

HIGH

NVIDIA Windows GPU Display Driver and R375 before 375.63 <342.00-375.63 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-8806. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets a vulnerability in the NVIDIA GPU driver (CVE-2016-8806) where the DxgkDdiEscape handler for 0x5000027 fails to validate a user-provided pointer, leading to arbitrary read/write operations. The PoC triggers a crash by dereferencing a controlled pointer (0x4141414141414141), demonstrating the vulnerability.

Description

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x5000027 where a pointer passed from an user to the driver is used without validation, leading to denial of service or potential escalation of privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/40663

This exploit targets a vulnerability in the NVIDIA GPU driver (CVE-2016-8806) where the DxgkDdiEscape handler for 0x5000027 fails to validate a user-provided pointer, leading to arbitrary read/write operations. The PoC triggers a crash by dereferencing a controlled pointer (0x4141414141414141), demonstrating the vulnerability.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: NVIDIA GPU driver (nvlddmkm.sys) on Windows 10 x64 with driver version 372.54
No auth needed
Prerequisites: Windows 10 x64 · NVIDIA GPU driver version 372.54 · WDK for D3DKMTEscape
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-10822
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93990
Patch, Vendor Advisory x_refsource_confirm
http://nvidia.custhelp.com/app/answers/detail/a_id/4247
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40663/

Scores

CVSS v3 7.8
EPSS 0.0163
EPSS Percentile 73.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (2)
n/a/Quadro, NVS, and GeForce (all versions) Quadro, NVS, and GeForce (all versions)
nvidia/gpu_driver 340 - 342.00
Published Nov 08, 2016
Tracked Since Feb 18, 2026