CVE-2023-31027 CVE

2023-11-0218:56:23

CWE-427

nvidia

www.cve.org

nvidia

gpu

display driver

windows

privilege escalation

vulnerability

administrator

updating

drivers

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver",
    "vendor": "nvidia",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release"
      }
    ]
  }
]