CVE-2022-31612: CWE-125 Out-of-bounds Read in NVIDIA Cloud Gaming (guest driver)

Severity: High
Type: Vulnerability
Tags: cve, cve-2022-31612, cwe-125
Published: Fri Nov 18 2022 (11/18/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: NVIDIA
Product: NVIDIA Cloud Gaming (guest driver)

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.

AI-Powered Analysis

AI analysis last updated: 06/25/2025, 00:04:52 UTC

Technical Analysis

CVE-2022-31612 is a high-severity vulnerability affecting the NVIDIA GPU Display Driver for Windows, specifically within the kernel mode layer component nvlddmkm.sys, which handles the DxgkDdiEscape interface. This vulnerability is classified as a CWE-125 Out-of-bounds Read, meaning that the driver improperly reads memory outside the bounds of a buffer. The flaw can be triggered by a local user with limited privileges (basic capabilities) without requiring user interaction. Exploiting this vulnerability allows the attacker to cause a system crash (denial of service) or potentially leak sensitive internal kernel memory information.

The vulnerability affects all versions of the NVIDIA Cloud Gaming guest driver released prior to August 2022. The CVSS v3.1 base score is 7.1, reflecting a high severity due to the combination of local attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality and availability. The vulnerability does not impact integrity. No known exploits are currently reported in the wild, and no official patches or mitigation links were provided in the source information, though it is implied that versions released after August 2022 address the issue.

The vulnerability resides in a critical kernel driver component, which is widely deployed in systems using NVIDIA GPUs for cloud gaming or related virtualization scenarios on Windows platforms. The out-of-bounds read could be leveraged in multi-tenant or shared environments to extract sensitive kernel memory data or disrupt system stability, potentially facilitating further privilege escalation or information disclosure attacks if combined with other vulnerabilities or exploits.

Potential Impact

For European organizations, this vulnerability poses a significant risk primarily in environments where NVIDIA Cloud Gaming or virtualization solutions using NVIDIA guest drivers are deployed on Windows systems. The potential impacts include system crashes leading to denial of service, which can disrupt business operations, especially in gaming, media, or cloud service providers utilizing NVIDIA GPU virtualization. Additionally, the leakage of internal kernel memory could expose sensitive information, increasing the risk of further exploitation or data breaches. Organizations relying on NVIDIA GPUs for virtualized workloads or cloud gaming services may face operational instability or confidentiality risks. The local attack vector means that attackers require access to the affected system, which could be a concern in shared or multi-user environments such as cloud-hosted virtual desktops or gaming platforms. While no known exploits are currently active in the wild, the presence of this vulnerability in critical kernel components necessitates prompt remediation to prevent potential targeted attacks. The impact on confidentiality and availability is high, though integrity remains unaffected. European organizations in sectors such as cloud gaming, media streaming, software development, and any enterprise using NVIDIA GPU virtualization should prioritize addressing this vulnerability to maintain system stability and data confidentiality.

Mitigation Recommendations

1. Upgrade to the latest NVIDIA GPU Display Driver versions released after August 2022, as these versions are expected to contain fixes for CVE-2022-31612.
2. Implement strict access controls and user privilege management to limit local user capabilities on systems running NVIDIA Cloud Gaming guest drivers, reducing the risk of exploitation by low-privilege users.
3. Employ endpoint detection and response (EDR) solutions to monitor for unusual kernel-level activity or crashes related to the nvlddmkm.sys driver.
4. In virtualized or cloud environments, isolate GPU resources and restrict multi-tenant access where possible to minimize exposure to local attackers.
5. Regularly audit and update GPU drivers as part of patch management processes, ensuring timely application of security updates.
6. For organizations unable to immediately update drivers, consider temporary workarounds such as disabling the affected guest driver components if feasible, or restricting access to affected systems to trusted users only.
7. Monitor vendor advisories and security bulletins from NVIDIA for any additional patches or mitigation guidance related to this vulnerability.
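
For the driver audit in items 1 and 5, the following PowerShell is an added example, not part of the original advisory or any NVIDIA tooling. It flags NVIDIA display drivers dated before an assumed cut-off of 2022-08-01, taken from the "prior to August 2022" wording above; the function name and status labels are hypothetical.

```powershell
# Added example: flag NVIDIA display drivers that fall in the advisory's
# "released prior to August 2022" window.
# Assumption: the cut-off date is derived from that wording only; the page
# gives no fixed driver version number.
$CutOff = [datetime]'2022-08-01'

function Get-NvidiaDisplayDriverAudit {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [datetime]$CutOffDate = $CutOff
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{ Computer = $computer; Device = $null
                           DriverVersion = $null; DriverDate = $null; Status = $null }
        try {
            $query = @{ ClassName = 'Win32_PnPSignedDriver'; ErrorAction = 'Stop' }
            # Remote hosts are queried over WinRM; the local host needs no session.
            if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
            $drivers = @(Get-CimInstance @query | Where-Object {
                $_.DeviceClass -eq 'DISPLAY' -and $_.Manufacturer -like '*NVIDIA*' })
        } catch {
            # An unreachable host is reported, never silently treated as clean.
            $row.Status = "QueryFailed: $($_.Exception.Message)"
            [pscustomobject]$row
            continue
        }
        if ($drivers.Count -eq 0) {
            $row.Status = 'NoNvidiaDisplayDriver'
            [pscustomobject]$row
            continue
        }
        foreach ($d in $drivers) {
            $row.Device        = $d.DeviceName
            $row.DriverVersion = $d.DriverVersion
            $row.DriverDate    = $d.DriverDate
            $row.Status = if ($null -eq $d.DriverDate) { 'UnknownDate' }
                          elseif ($d.DriverDate -lt $CutOffDate) { 'ReviewAndUpdate' }
                          else { 'AfterCutOff' }
            [pscustomobject]$row
        }
    }
}

# Audit the local machine; pass -ComputerName with a host list for a fleet.
Get-NvidiaDisplayDriverAudit | Sort-Object Status, Computer | Format-Table -AutoSize
```

The driver date is a triage heuristic, so hosts marked ReviewAndUpdate or UnknownDate should be checked against the fixed versions listed in NVIDIA's security bulletin before being closed out.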


Technical Details

Data Version: 5.1
Assigner Short Name: nvidia
Date Reserved: 2022-05-24T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983cc4522896dcbeee53

Added to database: 5/21/2025, 9:09:16 AM

Last enriched: 6/25/2025, 12:04:52 AM

Last updated: 7/31/2025, 9:06:13 AM
