CVE-2022-28182 — Out-of-bounds Write in Nvidia Virtual GPU

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.5HIGHNVD

EPSS

1.1%

top 21.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Virtual GPU Nvidia GPU Display Driver

Timeline

PublishedMay 17

Latest updateMay 18

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5nvidia/nvidia_gpu_display_driverAll GPU Driver versions for Windows

▶NVDnvidia/virtual_gpu11.0 — 11.8+2

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-ww5v-8cqx-53r8: NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x↗2022-05-18

▶

OSV

CVE-2022-28182: NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x↗2022-05-17

▶

CVEList

CVE-2022-28182: NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x↗2022-05-17

▶