CVE-2022-28191

CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 79.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Virtual GPU Nvidia Nvidia Virtual GPU Software AND Nvidia Cloud Gaming

Timeline

PublishedMay 17

Latest updateMay 18

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5nvidia/nvidia_virtual_gpu_software_and_nvidia_cloud_gamingvGPU version 14.x (prior to 14.1), version 13.x (prior to 13.3) and version 11.x (prior 11.8).

▶NVDnvidia/virtual_gpu11.0 — 11.8+2

▶Debiannvidia-graphics-drivers< 470.129.06-5~deb11u1+3

▶Debiannvidia-graphics-drivers-tesla-470< 470.129.06-1+1

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

GHSA

GHSA-693p-qr5p-6w3v: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia↗2022-05-18

▶

OSV

CVE-2022-28191: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia↗2022-05-17

▶

CVEList

CVE-2022-28191: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2022-28191: nvidia-graphics-drivers - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia...↗2022

▶