CVE-2022-31607

CWE-20 — Improper Input Validation7 documents6 sources

Severity

7.8HIGH

EPSS

0.1%

top 74.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Guest Nvidia GPU Display Driver

Timeline

PublishedNov 19

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

▶NVDnvidia/gpu_display_driver390 — 390.154+4

▶Debiannvidia-graphics-drivers< 470.141.03-1~deb11u1+3

▶Ubuntunvidia-graphics-drivers-390< 390.154-0ubuntu0.18.04.1+2

▶Ubuntunvidia-graphics-drivers-470< 470.141.03-0ubuntu0.18.04.1+2

▶Ubuntunvidia-graphics-drivers-510< 510.85.02-0ubuntu0.18.04.1+2

Patches

Patch: nvidia.custhelp.com ↗Patch: nvidia.custhelp.com ↗

🔴Vulnerability Details

OSV

CVE-2022-31607: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-11-19

▶

GHSA

GHSA-5wf4-668w-4pp5: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-11-19

▶

CVEList

CVE-2022-31607: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-11-18

▶

OSV

nvidia-graphics-drivers-390, nvidia-graphics-drivers-450-server, nvidia-graphics-drivers-470, nvidia-graphics-drivers-470-server, nvidia-graphics-drivers-510, nvidia-graphics-drivers-510-server, nvidi↗2022-08-03

▶

📋Vendor Advisories

Ubuntu

NVIDIA graphics drivers vulnerabilities↗2022-08-03

▶

Debian

CVE-2022-31607: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode ...↗2022

▶