CVE-2023-31017 CVE

2023-11-0218:56:19

CWE-552

nvidia

www.cve.org

nvidia gpu

display driver

windows

vulnerability

arbitrary data

reparse points

code execution

denial of service

privilege escalation

information disclosure

data tampering

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver",
    "vendor": "nvidia",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release"
      }
    ]
  }
]