CVE-2022-28192

CWE-416Use After Free5 documents5 sources
Severity
4.1MEDIUM
EPSS
0.1%
top 74.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Virtual GPUNvidia Nvidia Virtual GPU Software AND Nvidia Cloud Gaming
Timeline
PublishedMay 17
Latest updateMay 18

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.5 | Impact: 3.6

Affected Packages5 packages

CVEListV5nvidia/nvidia_virtual_gpu_software_and_nvidia_cloud_gamingvGPU version 14.x (prior to 14.1), version 13.x (prior to 13.3) and version 11.x (prior 11.8).
NVDnvidia/virtual_gpu11.011.8+2
Debiannvidia-graphics-drivers< 470.129.06-5~deb11u1+3
Debiannvidia-graphics-drivers-tesla-450< 450.191.01-1~deb11u1
Debiannvidia-graphics-drivers-tesla-470< 470.129.06-1+1

Patches

Patch: nvidia.custhelp.comPatch: nvidia.custhelp.com

🔴Vulnerability Details

3
GHSA
GHSA-x88c-8rhx-h8cw: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia2022-05-18
CVEList
CVE-2022-28192: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia2022-05-17
OSV
CVE-2022-28192: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia2022-05-17

📋Vendor Advisories

1
Debian
CVE-2022-28192: nvidia-graphics-drivers - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia...2022
CVE-2022-28192 (MEDIUM CVSS 4.1) | NVIDIA vGPU software contains a vul | cvebase.io