CVE-2022-31617 The NVIDIA GPU Display Driver has a vulnerabilty that a local user with basic capabilities can cause an out of bounds read, which may lead to code execution, den h of service, or escalation of privilege.

To view this vulnerability in action via a proof-of-concept (PoC) exploit, see the nvidia.com homepage. This vulnerability is rated as critical to all versions of Windows 7 and Windows 10, and critical for Windows Vista (CVE-2018-1388). This vulnerability is valid for the following NVIDIA products: - NVIDIA GPU - Compute v1 - Compute v2 - VR v1 - VR v2 - Ansel - Autopilot - BETA (Game Ready Driver) - Shield - SHIELD - X Switch - GRID v1 - GRID v2 - Tesla - DAL - Tegra - Jetson - Endeavor - SL - Edison - Partner - UVD - Mad Max - Palit - Quadro - Tesla P100 - Tesla V100 - Tesla K10 - GeForce - GPU - Game Ready - Y Tegra - Pascal - Turing - Turing Nano - TITAN - TITAN Xp - Titan X - TITAN X - Quadro RTX - Quadro RTX 2080 - Quadro RTX 2080 Ti - Quadro P1000 - Quadro P2000 - Quadro P3000 - Quadro P4000 - Quadro P5000 - Quadro P6000 - Quadro P10 - Quadro P3000 - Quadro P4000 - Quadro P5000 - Quadro P6000 - Quadro P8 - Quadro P5000 - Quadro P6000 - GeForce GT 10 - GeForce GT 120 - GeForce GT 630 - GeForce GT 730 - GeForce GT 740 - GeForce GT 750M - GeForce GT 755M

NVIDIA GPU product line overview br >

For GeForce cards, the vulnerabilities affect all versions of Windows 7, Windows 8.1, and Windows 10. For Quadro cards, the vulnerabilities only affect Windows 10.

Description of the vulnerability

The vulnerability allows an attacker to execute code on the target system. The vulnerability affects all versions of Windows 7 and Windows 10, and Windows Vista (CVE-2018-1388)

CUDA Toolkit

The CUDA Toolkit is a software development kit that enables programmers to write code that can run on NVIDIA GPUs. This toolkit includes libraries, compilers, and other tools. The CUDA Toolkit helps you create applications for GPUs.
To install the CUDA Toolkit, use the CUDA installer.

NVIDIA GPU - Compute v1

- NVDIA GPU - Compute v1 is affected
- The nvidia.com website will be used as a proof of concept (PoC)
- This vulnerability affects all versions of Windows 7 and Windows 10, and Windows Vista
- All NVIDIA products are affected, including the following: - NVIDIA GPU - Compute v1 - Compute v2 - VR v1 - VR v2 - Ansel - Autopilot - BETA (Game Ready Driver) - Shield - SHIELD
- X Switch
- GRID v1
- GRID v2
- Tesla  
- DAL
- Tegra
Jetson
Endeavor
SL  
Edison

Timeline

Published on: 11/19/2022 00:15:00 UTC
Last modified on: 11/29/2022 15:29:00 UTC

References

• https://nvidia.custhelp.com/app/answers/detail/a_id/5383
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31617