Local Privilege Escalation in NVIDIA GPU Display Driver for Linux
CVE-2022-31608

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Geforce, Workstation, Compute
Vendor: CVE Published:; 19 November 2022

Summary

NVIDIA's GPU Display Driver for Linux contains a vulnerability associated with an optional D-Bus configuration file. This flaw allows local users with basic capabilities to exploit protected D-Bus endpoints. The potential impacts include unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering, posing significant security risks to affected systems.

Affected Version(s)

GeForce, Workstation, Compute All versions prior to the August 2022 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5383

https://security.gentoo.org/glsa/202310-02

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2022
Vulnerability Reserved
May 24, 2022