SB20231031112 - Multiple vulnerabilities in NVIDIA Windows GPU Display Driver

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20231031112

SB20231031112 - Multiple vulnerabilities in NVIDIA Windows GPU Display Driver

Published: October 31, 2023

Security Bulletin ID SB20231031112
Severity
Low
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2023-31023)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in GPU Display Driver. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.


2) NULL pointer dereference (CVE-ID: CVE-2023-31022)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the kernel mode layer in GPU Display Driver. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.


3) Improper access control (CVE-ID: CVE-2023-31020)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in the kernel mode layer within the GPU Display Driver. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.


4) Untrusted search path (CVE-ID: CVE-2023-31016)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path in GPU Display Driver. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.


5) Out-of-bounds write (CVE-ID: CVE-2023-31017)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in GPU Display Driver. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-31019)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due improper access restrictions in wksServicePlugin.dll, which incorrectly restricts access from the named pipe server to a connecting client. A local user can execute arbitrary code with elevated privileges.


7) Buffer overflow (CVE-ID: CVE-2023-31027)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in GPU driver. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


8) NULL pointer dereference (CVE-ID: CVE-2023-31018)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in GPU Display Driver. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References