Lucene search

Ubuntu.comUB:CVE-2022-31606

HistoryAug 02, 2022 - 12:00 a.m.

CVE-2022-31606

2022-08-0200:00:00

ubuntu.com

nvidia gpu

display driver

windows

vulnerability

kernel mode

nvlddmkm.sys

attackers

denial of service

information disclosure

escalation of privileges

data tampering

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

NVIDIA GPU Display Driver for Windows contains a vulnerability in the
kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure
to properly validate data might allow an attacker with basic user
capabilities to cause an out-of-bounds access in kernel mode, which could
lead to denial of service, information disclosure, escalation of
privileges, or data tampering.

Notes

Author	Note
sbeattie	windows drivers only
mdeslaur	some binary drivers are no longer support by NVidia, so they are marked as ignored here

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchnvidia-graphics-drivers-384< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	nvidia-graphics-drivers-384	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-31606

nvd.nist.gov/vuln/detail/CVE-2022-31606

nvidia.custhelp.com/app/answers/detail/a_id/5383

security-tracker.debian.org/tracker/CVE-2022-31606

www.cve.org/CVERecord?id=CVE-2022-31606

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for UB:CVE-2022-31606