CVE-2023-31017 CVE

2023-11-0218:56:19

CWE-552

nvidia

github.com

nvidia

gpu

display driver

vulnerability

arbitrary data

write

reparse points

code execution

denial of service

escalation of privileges

information disclosure

data tampering

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*"
    ],
    "vendor": "nvidia",
    "product": "gpu_display_driver",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "16.1"
      },
      {
        "status": "affected",
        "version": "o",
        "versionType": "custom",
        "lessThanOrEqual": "september2023"
      }
    ],
    "defaultStatus": "unknown"
  }
]