CVE-2023-31019 CVE

2023-11-0218:56:20

CWE-284

nvidia

www.cve.org

nvidia

gpu

display driver

vulnerability

wksserviceplugin.dll

named pipe

access restriction

client impersonation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

9.0%

JSON

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client’s secure context.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver",
    "vendor": "nvidia",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release"
      }
    ]
  }
]