CVE-2022-31612

CWE-125Out-of-bounds Read4 documents4 sources
Severity
7.1HIGH
EPSS
0.1%
top 84.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Nvidia Cloud Gaming GuestNvidia GPU Display DriverNvidia Virtual GPU+1 more
Timeline
PublishedNov 19

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

NVDnvidia/gpu_display_driver471.11473.81+4
CVEListV5nvidia/nvidia_cloud_gaming_(guest_driver)All versions prior to the August 2022 release
NVDnvidia/virtual_gpu11.011.8+2

Patches

Patch: nvidia.custhelp.comPatch: nvidia.custhelp.com

🔴Vulnerability Details

3
GHSA
GHSA-f3cq-g675-wjhp: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-11-19
CVEList
CVE-2022-31612: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-11-18
OSV
CVE-2022-31612: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-08-02
CVE-2022-31612 (HIGH CVSS 7.1) | NVIDIA GPU Display Driver for Windo | cvebase.io