Code Execution and Privilege Escalation in NVIDIA GPU Display Driver for Windows and Linux
CVE-2023-25515

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Gpu Display Driver For Windows And Linux
Vendor: CVE Published:; 23 June 2023

Summary

The NVIDIA GPU Display Driver for both Windows and Linux is susceptible to a vulnerability where it incorrectly handles unexpected untrusted data. This can potentially allow attackers to execute arbitrary code, cause denial of service, escalate privileges, tamper with data, or disclose sensitive information. Ensuring proper updates and security measures are implemented is crucial for mitigating the associated risks.

Affected Version(s)

GPU Display Driver for Windows and Linux All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release

References

https://https://nvidia.custhelp.com/app/answers/detail/a_...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Feb 7, 2023