CVE-2018-8406
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
Confirmed exploited in the wild. Added 2022-03-28.
Federal remediation due 2022-04-18.
Required action: Apply updates per vendor instructions.
Summary
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
References
- http://www.securityfocus.com/bid/105012
- http://www.securitytracker.com/id/1041461
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8406
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-28. Always verify against the vendor advisory before acting.