CVE-2023-31017

7.8 HIGH

📋 TL;DR

This vulnerability in the NVIDIA GPU Display Driver for Windows allows a local attacker to write arbitrary data to privileged locations by abusing reparse points (Windows file-system redirection links). Successful exploitation could lead to code execution, privilege escalation, or data tampering. It affects Windows systems running vulnerable NVIDIA GPU driver versions.

💻 Affected Systems

Products:
  • NVIDIA GPU Display Driver
Versions: Multiple versions prior to 536.67
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both consumer and professional NVIDIA GPU drivers on Windows systems. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with kernel-level code execution, allowing complete control over the system, data theft, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation from a standard user to SYSTEM/administrator privileges, enabling further lateral movement and persistence.

🟢 If Mitigated

Limited impact where proper privilege separation and application control prevent unauthorized driver access.

🌐 Internet-Facing: LOW - requires local access to the system; not directly exploitable over the network.
🏢 Internal Only: HIGH - local attackers or malware that already has user-level access can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of reparse point manipulation. No public exploit code was available at the time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 536.67 and later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5491

Restart Required: Yes

Instructions:

1. Download the latest NVIDIA driver from the official website
2. Run the installer with administrative privileges
3. Select 'Custom installation'
4. Choose 'Perform clean installation'
5. Restart the system when prompted

🔧 Temporary Workarounds

Restrict local user privileges (windows)

Limit standard user accounts to prevent driver manipulation.

Enable Windows Defender Application Control (windows)

Use WDAC to restrict driver loading to authorized drivers only.

🧯 If You Can't Patch

  • Implement strict least privilege access controls
  • Monitor for suspicious driver-related activities and reparse point creation

🔍 How to Verify

Check if Vulnerable:

Check the NVIDIA driver version in Device Manager > Display adapters > NVIDIA GPU > Driver tab; any version below 536.67 is vulnerable.

Check Version:

Run nvidia-smi (if installed), or check the Driver tab in Device Manager.

Verify Fix Applied:

Verify that the driver version is 536.67 or higher after the update.
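For checking a fleet rather than clicking through Device Manager, the following PowerShell script is an added example (not from the advisory or from NVIDIA). It assumes the conventional mapping from the Windows DriverVersion string to the NVIDIA release number (last five digits, e.g. 31.0.15.3667 is release 536.67) and compares against the fixed version named above.

```powershell
# Added example (not from the advisory): report whether the installed NVIDIA
# display driver is below the fixed release 536.67 for CVE-2023-31017.
# Assumption: the Windows DriverVersion string (e.g. 31.0.15.3667) maps to the
# NVIDIA release number by taking its last five digits (15.3667 -> 536.67).
$FixedVersion = [version]'536.67'

function ConvertTo-NvidiaRelease {
    param([string]$DriverVersion)
    $digits = $DriverVersion -replace '\.', ''
    if ($digits.Length -lt 5) { return $null }   # unrecognised format
    $tail = $digits.Substring($digits.Length - 5)
    # "53667" -> "536.67"
    return [version]("{0}.{1}" -f $tail.Substring(0, 3), $tail.Substring(3))
}

# Win32_PnPSignedDriver is readable by a standard user; no elevation needed.
$drivers = Get-CimInstance Win32_PnPSignedDriver |
    Where-Object { $_.DeviceClass -eq 'DISPLAY' -and $_.Manufacturer -like '*NVIDIA*' }

if (-not $drivers) {
    Write-Output 'No NVIDIA display driver found on this host.'
    return
}

foreach ($d in $drivers) {
    $release = ConvertTo-NvidiaRelease $d.DriverVersion
    $status = if ($null -eq $release)            { 'UNKNOWN' }
              elseif ($release -lt $FixedVersion) { 'VULNERABLE' }
              else                                { 'PATCHED' }
    [pscustomobject]@{
        Device        = $d.DeviceName
        DriverVersion = $d.DriverVersion
        Release       = $release
        Status        = $status
    }
}
```

Run it through your endpoint management tool to collect per-host results; a Status of UNKNOWN means the version string did not follow the assumed format and should be checked by hand.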

📡 Detection & Monitoring

Log Indicators:

  • Unexpected driver loading events
  • Reparse point creation in system directories
  • Privilege escalation attempts

Network Indicators:

  • None - local exploit only

SIEM Query:

Correlate EventID 7045 (new service installed) where the Service Name contains 'NVIDIA' with EventID 4656 (handle requested) where the Object Name refers to a reparse point in a system directory.
