CVE-2025-33218

NVIDIA · NVIDIA Multiple Products

A high-severity vulnerability exists within the NVIDIA GPU Display Driver for Windows.

Executive summary

A high-severity vulnerability exists within the NVIDIA GPU Display Driver for Windows. An attacker who has already gained local user access to a system can exploit this flaw to crash the machine, steal sensitive information, or escalate their privileges to gain full administrative control, thereby compromising the entire system.

Vulnerability

The vulnerability is a race condition within the kernel mode layer component (nvlddmkm.sys) of the NVIDIA driver. An authenticated local attacker can send crafted inputs or system calls to the driver to manipulate the timing of operations on a shared resource. Successful exploitation allows the attacker to corrupt kernel memory, which can lead to a system crash (Denial of Service), the disclosure of sensitive kernel-level information, or the execution of arbitrary code with SYSTEM-level privileges (Escalation of Privileges).

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a significant business impact by allowing a low-privileged user to gain complete administrative control over an affected workstation or server. This would bypass established security controls, enabling an attacker to install malware like ransomware, exfiltrate sensitive company data, disable security software, and use the compromised system as a pivot point to move laterally across the corporate network. The denial-of-service aspect could also disrupt business operations by causing critical systems to crash unexpectedly.

Remediation

Immediate Action: Apply the security updates provided by NVIDIA to all affected Windows systems. Patches can typically be obtained through the NVIDIA driver downloads website or the GeForce Experience application. After patching, continue to monitor for exploitation attempts and review system and security logs for anomalous activity related to the nvlddmkm.sys driver.

Proactive Monitoring: Implement enhanced monitoring on endpoints. Review Windows Event Logs for unexpected system crashes (BugChecks) or application faults related to NVIDIA components. Utilize Endpoint Detection and Response (EDR) solutions to monitor for suspicious processes attempting to interact with kernel drivers or processes that unexpectedly gain SYSTEM-level privileges.
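One way to run the driver inventory and event-log review described above on a single host, as an added example that is not NVIDIA's or this advisory's own tooling. `$FixedDriverVersion` is a placeholder to fill from NVIDIA's security bulletin, and the 30-day window, the event sources queried and the default Minidump folder are assumptions of this sketch.

```powershell
# Added example: triage one Windows host for NVIDIA driver exposure and crash
# evidence. Run from an elevated PowerShell session.
param(
    # Placeholder: first fixed driver version in Windows a.b.c.d form, taken
    # from NVIDIA's security bulletin (the value is not given on this page).
    [Parameter(Mandatory)][version]$FixedDriverVersion,
    [int]$Days = 30   # assumed look-back window
)
$since = (Get-Date).AddDays(-$Days)

# 1. Installed NVIDIA display drivers, flagged when older than the fixed build.
$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DeviceClass -eq 'DISPLAY' -and $_.Manufacturer -like '*NVIDIA*' } |
    Select-Object DeviceName, DriverVersion, DriverDate,
        @{ Name = 'NeedsUpdate'; Expression = { [version]$_.DriverVersion -lt $FixedDriverVersion } }

# 2. System-log evidence: bugchecks plus events that name the display driver.
$filters = @(
    @{ ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'; Id = 1001 }  # bugcheck, logged after reboot
    @{ ProviderName = 'nvlddmkm' }                                              # events raised by the driver itself
    @{ ProviderName = 'Display'; Id = 4101 }                                     # display driver timeout and recovery
)
$events = foreach ($f in $filters) {
    try {
        Get-WinEvent -FilterHashtable ($f + @{ LogName = 'System'; StartTime = $since }) -ErrorAction Stop
    } catch {
        # No matching events, or the provider is not registered on this host:
        # both are treated as "nothing found" for that source.
    }
}
# Keep Display timeouts only when the message names nvlddmkm.
$events = $events |
    Where-Object { $_.ProviderName -ne 'Display' -or $_.Message -like '*nvlddmkm*' } |
    Sort-Object TimeCreated

# 3. Recent kernel minidumps to hand to an analyst (default dump folder assumed).
$dumps = Get-ChildItem -Path (Join-Path $env:SystemRoot 'Minidump') -Filter *.dmp -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since }

# One summary object per host, suitable for Export-Clixml or ConvertTo-Json.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    Drivers     = $drivers
    NeedsUpdate = [bool]($drivers | Where-Object { $_.NeedsUpdate })
    Events      = $events | Select-Object TimeCreated, ProviderName, Id, Message
    Minidumps   = $dumps | Select-Object Name, LastWriteTime
}
```

A bugcheck record does not always name the faulting module, so a host that shows bugchecks alongside `nvlddmkm` events in the same window is a candidate for dump analysis, not a confirmed exploitation attempt.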

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

  • Restrict Local Access: Enforce the principle of least privilege, ensuring users operate with standard, non-administrative accounts.
  • Application Control: Use application whitelisting solutions to prevent users from running unauthorized or untrusted software that could be used as an exploit vector.
  • Behavioral Monitoring: Configure EDR and antivirus solutions to detect and block suspicious behavior associated with privilege escalation techniques.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 7.8) of this vulnerability and its potential to grant an attacker full system control, organizations must treat remediation as a high priority. The ability of any local user to escalate privileges to the SYSTEM level represents a fundamental breakdown of system security. Although this CVE is not currently on the CISA KEV list, its impact makes it a prime candidate for future inclusion. We strongly recommend that all affected NVIDIA drivers on Windows endpoints be patched immediately to mitigate this risk.