Lucene search
NvidiaCVE-2022-42254HistoryDec 30, 2022 - 11:15 p.m.
CVE-2022-42254
2022-12-3023:15:10
CWE-129
CWE-125
nvidia
web.nvd.nist.gov
55
nvidia
gpu
display driver
linux
vulnerability
cve-2022-42254
kernel mode layer
nvidia.ko
out-of-bounds array access
denial of service
data tampering
information disclosure
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0
Percentile
13.0%
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.
Affected configurations
Node
citrixhypervisorMatch-
ORlinuxlinux_kernelMatch-
ORredhatenterprise_linux_kernel-based_virtual_machineMatch-
ORvmwarevsphereMatch-
nvidiavirtual_gpuRange<11.11
ORnvidiavirtual_gpuRange12.0–13.6
ORnvidiavirtual_gpuRange14.0–14.4
Node
linuxlinux_kernelMatch-
nvidiacloud_gamingRange<525.60.11
Node
citrixhypervisorMatch-
ORredhatenterprise_linux_kernel-based_virtual_machineMatch-
nvidiacloud_gamingRange<525.60.12
Node
nvidiageforceMatch-
ORnvidianvsMatch-
ORnvidiaquadroMatch-
ORnvidiartxMatch-
ORnvidiateslaMatch-
nvidiagpu_display_driverRange470–470.161.03linux
ORnvidiagpu_display_driverRange510–510.108.03linux
ORnvidiagpu_display_driverRange515–515.86.01linux
| Vendor | Product | Version | CPE |
|---|---|---|---|
| citrix | hypervisor | - | cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:* |
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| redhat | enterprise_linux_kernel-based_virtual_machine | - | cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:* |
| vmware | vsphere | - | cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:* |
| nvidia | virtual_gpu | * | cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* |
| nvidia | cloud_gaming | * | cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:* |
| nvidia | geforce | - | cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:* |
| nvidia | nvs | - | cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:* |
| nvidia | quadro | - | cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:* |
| nvidia | rtx | - | cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "NVIDIA",
"product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)",
"versions": [
{
"version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release",
"status": "affected"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-12-30 23:15:00
nvd
nvd
CVE-2022-42254
2022-12-30 23:15:10
ubuntucve
ubuntucve
CVE-2022-42254
2022-12-30 00:00:00
cvelist
cvelist
CVE-2022-42254
2022-12-30 00:00:00
debiancve
debiancve
CVE-2022-42254
2022-12-30 23:15:10
nessus
nessus
NVIDIA Linux GPU Display Driver (Nov 2022)
2022-12-02 00:00:00
NVIDIA Virtual GPU Manager Multiple Vulnerabilities (November 2022)
2023-09-14 00:00:00
GLSA-202310-02 : NVIDIA Drivers: Multiple Vulnerabilities
2023-10-03 00:00:00
nvidia
nvidia
Security Bulletin: NVIDIA GPU Display Driver - November 2022
2022-11-29 00:00:00
gentoo
gentoo
NVIDIA Drivers: Multiple Vulnerabilities
2023-10-03 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0
Percentile
13.0%
Related for CVE-2022-42254