CVE-2022-34677 — Out-of-bounds Read in Nvidia Cloud Gaming

CWE-125 — Out-of-bounds Read CWE-681 — Incorrect Conversion between Numeric Types4 documents4 sources

Severity

7.1HIGHNVD

CNA5.5

EPSS

0.1%

top 81.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia GPU Display Driver Nvidia Virtual GPU +1 more

Timeline

PublishedDec 30

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDnvidia/gpu_display_driver390 — 390.157+5

▶NVDnvidia/virtual_gpu12.0 — 13.6+2

▶NVDnvidia/cloud_gaming< 525.60.12+1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

CVE-2022-34677: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer↗2022-12-30

▶

CVEList

CVE-2022-34677: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer↗2022-12-30

▶

📋Vendor Advisories

Debian

CVE-2022-34677: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode ...↗2022

▶