CVE
CVE-2023-31019

7.8HIGH

Key Information:

Vendor
Nvidia
Vendor
CVE Published:
2 November 2023

Summary

The NVIDIA GPU Display Driver for Windows features a vulnerability in the wksServicePlugin.dll file, where improper access controls can allow unauthorized connections to the named pipe server. This could enable an attacker to potentially impersonate the client, compromising the integrity of the secure context. Users of affected drivers should assess their security posture and follow appropriate remediation steps to mitigate associated risks.

Affected Version(s)

NVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.