CVE-2022-42256

CWE-190Integer Overflow4 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 86.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Cloud GamingNvidia Virtual GPU
Timeline
PublishedDec 30

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages8 packages

Debiannvidia-graphics-drivers< 470.161.03-1+3
Debiannvidia-graphics-drivers-tesla< 510.108.03-1
Debiannvidia-open-gpu-kernel-modules< 515.86.01-1+2
Debiannvidia-graphics-drivers-tesla-450< 450.216.04-1~deb11u1
Debiannvidia-graphics-drivers-tesla-460< 460.106.00-3

🔴Vulnerability Details

2
CVEList
CVE-2022-42256: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia2022-12-30
OSV
CVE-2022-42256: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia2022-12-30

📋Vendor Advisories

1
Debian
CVE-2022-42256: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode ...2022
CVE-2022-42256 (HIGH CVSS 7.8) | NVIDIA GPU Display Driver for Linux | cvebase.io