MEDIUM Patch AvailableCVE-2023-31031

NVIDIA CUDA Driver Unchecked Pointer Dereference Leading to Denial of Service

Discovered 22 January 2026 2 views

Overview

A vulnerability was identified in the kernel mode layer (KMD) of the NVIDIA CUDA driver for both Windows and Linux platforms. The issue lies in the driver's handling of specific memory-mapped I/O (MMIO) operations initiated from user space. A local, unprivileged user could craft a malicious input that, when passed to the CUDA driver API, would result in the KMD attempting to dereference a null or invalid pointer. Because this operation occurs in kernel space, the failed memory access causes an unrecoverable system error, leading to an immediate kernel panic on Linux (Blue Screen of Death on Windows). The impact is a complete denial of service (DoS) for the host machine. This is particularly damaging in multi-tenant GPU environments or on critical AI training servers, where a single malicious or compromised user account can crash the entire system, halting all ongoing training jobs and making the expensive GPU resources unavailable until the system is rebooted. The vulnerability underscores the large attack surface presented by complex device drivers in the AI infrastructure stack.

Affected Systems

NVIDIA CUDA Driver (Linux) < 535.104.05NVIDIA CUDA Driver (Windows) < 536.99Various NVIDIA GPU models (Data Center and Consumer)

Testing Guide

1. **Check Driver Version:** On Linux, run `nvidia-smi` to display the installed driver version. On Windows, check the NVIDIA Control Panel. 2. **Compare with Security Bulletin:** Cross-reference your installed driver version with the versions listed as vulnerable in the relevant NVIDIA Security Bulletin. 3. **Run GPU Diagnostics:** Use official NVIDIA tools like `nvidia-diag-driver` to check for the health and integrity of the driver installation. Note: Public exploits for this type of kernel vulnerability are rare and dangerous to run.

Mitigation Steps

1. **Update NVIDIA Drivers:** Download and install the latest available NVIDIA driver for your specific GPU and operating system from the official NVIDIA website. 2. **Restrict User Access:** Limit shell access on critical GPU servers to only trusted administrative users. 3. **Use Containerization:** Run GPU workloads inside containers (e.g., Docker with the NVIDIA Container Toolkit). While this may not prevent the kernel-level crash, it can help isolate workloads and manage dependencies. 4. **Monitor System Logs:** Regularly monitor kernel and system logs for unexpected errors or crashes related to the NVIDIA driver modules (e.g., `nv-kernel.o`).

Patch Details

NVIDIA released updated drivers (e.g., R535) in August 2023 that address this vulnerability. Users must update to the patched versions.

Sources

← Back to vulnerabilities