CVE-2022-28186

CWE-20Improper Input Validation4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 84.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Virtual GPUNvidia Nvidia GPU Display Driver
Timeline
PublishedMay 17
Latest updateMay 18

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 1.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5nvidia/nvidia_gpu_display_driverAll GPU Driver versions for Windows
NVDnvidia/virtual_gpu11.011.8+2

Patches

Patch: nvidia.custhelp.comPatch: nvidia.custhelp.com

🔴Vulnerability Details

3
GHSA
GHSA-rf6g-3x67-92j3: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-05-18
CVEList
CVE-2022-28186: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-05-17
OSV
CVE-2022-28186: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-05-17
CVE-2022-28186 (MEDIUM CVSS 6.1) | NVIDIA GPU Display Driver for Windo | cvebase.io