CVE-2022-42254

CWE-125 — Out-of-bounds Read CWE-129 — Improper Array Index Validation4 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 83.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia GPU Display Driver Nvidia Virtual GPU

Timeline

PublishedDec 30

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages9 packages

▶NVDnvidia/gpu_display_driver470 — 470.161.03+2

▶Debiannvidia-graphics-drivers< 470.161.03-1+3

▶Debiannvidia-graphics-drivers-tesla< 510.108.03-1

▶Debiannvidia-open-gpu-kernel-modules< 515.86.01-1+2

▶Debiannvidia-graphics-drivers-tesla-450< 450.216.04-1~deb11u1

🔴Vulnerability Details

CVEList

CVE-2022-42254: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

OSV

CVE-2022-42254: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

📋Vendor Advisories

Debian

CVE-2022-42254: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode ...↗2022

▶