CVE-2022-42257

CWE-190 — Integer Overflow4 documents4 sources

Severity

7.3HIGH

EPSS

0.0%

top 86.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia GPU Display Driver Nvidia Virtual GPU +1 more

Timeline

PublishedDec 30

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages10 packages

▶NVDnvidia/gpu_display_driver390 — 390.157+5

▶Debiannvidia-graphics-drivers< 470.161.03-1+3

▶Debiannvidia-graphics-drivers-tesla< 510.108.03-1

▶Debiannvidia-open-gpu-kernel-modules< 515.86.01-1+2

▶Debiannvidia-graphics-drivers-tesla-450< 450.216.04-1~deb11u1

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

CVE-2022-42257: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

CVEList

CVE-2022-42257: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

📋Vendor Advisories

Debian

CVE-2022-42257: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode ...↗2022

▶