Lucene search

NvidiaCVE-2022-28185

HistoryMay 17, 2022 - 8:15 p.m.

CVE-2022-28185

2022-05-1720:15:08

CWE-787

nvidia

web.nvd.nist.gov

nvidia

gpu

display driver

ecc

vulnerability

out-of-bounds write

denial of service

data tampering

windows

linux

cve-2022-28185

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

Affected configurations

Nvd

Node

nvidiavirtual_gpuRange11.0–11.8

nvidiavirtual_gpuRange13.0–13.3

nvidiavirtual_gpuMatch14.0

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
nvidiavirtual_gpu*cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
nvidiavirtual_gpu14.0cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nvidia	virtual_gpu	*	cpe:2.3:a:nvidia:virtual_gpu::::::::
nvidia	virtual_gpu	14.0	cpe:2.3:a:nvidia:virtual_gpu:14.0:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "vendor": "NVIDIA",
    "product": "NVIDIA GPU Display Driver",
    "versions": [
      {
        "version": "All GPU Driver versions for Windows and Linux",
        "status": "affected"
      }
    ]
  }
]