CVE
CVE-2023-31019
7.8HIGH
Key Information:
- Vendor
- Nvidia
- Vendor
- CVE Published:
- 2 November 2023
Summary
The NVIDIA GPU Display Driver for Windows features a vulnerability in the wksServicePlugin.dll file, where improper access controls can allow unauthorized connections to the named pipe server. This could enable an attacker to potentially impersonate the client, compromising the integrity of the secure context. Users of affected drivers should assess their security posture and follow appropriate remediation steps to mitigate associated risks.
Affected Version(s)
NVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved