CVE-2022-31608: 
NVIDIA Graphics Driver vulnerability analysis and mitigation

NVIDIA GPU Display Driver for Linux contains a vulnerability (CVE-2022-31608) in an optional D-Bus configuration file, discovered by Artem S. Tashkinov. The vulnerability affects multiple versions of the NVIDIA GPU Display Driver for Linux, including versions from branches 390, 470, 510, and 515. This security issue was disclosed in August 2022 (NVIDIA Advisory, NVD).

The vulnerability exists in the D-Bus configuration file where a local user with basic capabilities can impact protected D-Bus endpoints. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-281 (Improper Preservation of Permissions) (NVD).

The exploitation of this vulnerability can lead to multiple severe consequences including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The high CVSS score reflects the significant potential impact on system security (NVIDIA Advisory).

NVIDIA has released security updates to address this vulnerability. Users are advised to update to the following versions: 390.154 for R390 branch, 470.141.03 for R470 branch, 510.85.02 for R510 branch, and 515.65.01 for R515 branch. The updates are available through the NVIDIA Driver Downloads page (NVIDIA Advisory).