{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-31016", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2023-04-22T02:38:25.654Z", "datePublished": "2023-11-02T18:36:43.382Z", "dateUpdated": "2023-11-02T18:36:43.382Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver", "vendor": "nvidia", "versions": [{"status": "affected", "version": "All versions prior to and including 13.8, 15.3, 16.1 and all versions prior to and including September 2023 release"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."}], "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, denial of service, escalation of privileges, information disclosure, data tampering"}]}], "metrics": [{"cvssV3_1": {"baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-11-02T18:36:43.382Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE"}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A173FE3C-139F-4100-9CE2-20B72DE4B345", "versionEndExcluding": "13.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98A00760-DA5C-4590-B7D0-95BA75AD06B1", "versionEndExcluding": "15.4", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF0CB34E-DA9B-436E-B710-0D71E8B31B7E", "versionEndExcluding": "16.2", "versionStartIncluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."}, {"lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la que un elemento de ruta de b\u00fasqueda no controlado puede permitir que un atacante ejecute c\u00f3digo arbitrario, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n o manipulaci\u00f3n de datos."}], "id": "CVE-2023-31016", "lastModified": "2023-11-13T14:22:41.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2023-11-02T19:15:40.947", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}

{}