CVE-2022-28183

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

7.1HIGH

EPSS

0.2%

top 62.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Virtual GPU Nvidia Nvidia GPU Display Driver

Timeline

PublishedMay 17

Latest updateMay 18

Description

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 2.5 | Impact: 5.2

Affected Packages4 packages

▶CVEListV5nvidia/nvidia_gpu_display_driverAll GPU Driver versions for Windows and Linux

▶Debiannvidia-graphics-drivers< 470.129.06-5~deb11u1+3

▶Debiannvidia-graphics-drivers-tesla-470< 470.129.06-1+1

▶NVDnvidia/virtual_gpu11.0 — 11.8+2

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-c9xf-8vp3-62qj: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out↗2022-05-18

▶

CVEList

CVE-2022-28183: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out↗2022-05-17

▶

OSV

CVE-2022-28183: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2022-28183: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ...↗2022

▶