Local User Vulnerability in NVIDIA GPU Display Driver for Linux
CVE-2022-31607

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Cloud Gaming (guest Driver), Nvidia Cloud Gaming (virtual Gpu Manager)
Vendor: CVE Published:; 19 November 2022

Summary

The NVIDIA GPU Display Driver for Linux contains a vulnerability within its kernel mode layer (nvidia.ko) that allows a local user to manipulate improper input validation. This exploit can lead to various security threats, including denial of service, unauthorized privilege escalation, potential data tampering, and limited disclosure of sensitive information, posing significant risks to system integrity and confidentiality.

Affected Version(s)

NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) All versions prior to the August 2022 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5383

https://security.gentoo.org/glsa/202310-02

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2022
Vulnerability Reserved
May 24, 2022