CVE-2022-42255 — Out-of-bounds Write in Nvidia Cloud Gaming

CWE-787 — Out-of-bounds Write CWE-129 — Improper Validation of Array Index4 documents4 sources

Severity

7.8HIGHNVD

CNA5.3

EPSS

0.1%

top 81.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia Virtual GPU

Timeline

PublishedDec 30

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/virtual_gpu12.0 — 13.6+2

▶NVDnvidia/cloud_gaming< 525.60.11+1

🔴Vulnerability Details

CVEList

CVE-2022-42255: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

OSV

CVE-2022-42255: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

📋Vendor Advisories

Debian

CVE-2022-42255: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode ...↗2022

▶