CVE-2022-28188

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 86.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Virtual GPU Nvidia Nvidia GPU Display Driver

Timeline

PublishedMay 17

Latest updateMay 18

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5nvidia/nvidia_gpu_display_driverAll GPU Driver versions for Windows

▶NVDnvidia/virtual_gpu11.0 — 11.8+2

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-2m25-6j24-jp5f: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm↗2022-05-18

▶

CVEList

CVE-2022-28188: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm↗2022-05-17

▶

OSV

CVE-2022-28188: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm↗2022-05-17

▶