CVE-2022-31608 — Improper Preservation of Permissions in Nvidia GPU Display Driver

CWE-281 — Improper Preservation of Permissions6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 61.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia GPU Display Driver

Timeline

PublishedNov 19

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDnvidia/gpu_display_driver390 — 390.154+4

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-3qpv-49m3-3h75: NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can i↗2022-11-19

▶

OSV

CVE-2022-31608: NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can i↗2022-11-19

▶

CVEList

CVE-2022-31608: NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can i↗2022-11-18

▶

📋Vendor Advisories

Ubuntu

NVIDIA graphics drivers vulnerabilities↗2022-08-03

▶

Debian

CVE-2022-31608: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bu...↗2022

▶