AVID-2026-R1044
Description
Vulnerability CVE-2022-31616
Details
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service or information disclosure.
Reason for inclusion in AVID: The CVE describes a software vulnerability in the NVIDIA GPU Display Driver (nvlddmkm.sys) that can cause an out-of-bounds read leading to DoS or information disclosure. GPU drivers are a core component of the general-purpose AI compute stack (drivers, kernels, and runtimes used to run ML workloads). Exploitation can impact AI systems running on affected GPUs, either via denial of service or data leakage. This affects the software supply chain for AI since it concerns a dependency/runtime used in building/deploying/running AI applications. The report provides CVSS data and vulnerability behavior, giving sufficient evidence.
References
Affected or Relevant Artifacts
- Developer: NVIDIA
- Deployer: NVIDIA
- Artifact Details:
| Type | Name |
|---|---|
| System | NVIDIA Cloud Gaming (guest driver) |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
| Base Score | 6.1 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | NONE |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-20 | CWE-20 Improper Input Validation |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-11-18
- Version: 0.3.3