CVE-2022-42260

CWE-2814 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 57.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nvidia Cloud GamingNvidia GPU Display DriverNvidia Virtual GPU
Timeline
PublishedDec 30

Description

NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDnvidia/gpu_display_driver470470.161.03+2
Debiannvidia-graphics-drivers< 470.161.03-1+3
Debiannvidia-graphics-drivers-tesla< 510.108.03-1
Debiannvidia-graphics-drivers-tesla-450< 450.216.04-1~deb11u1
Debiannvidia-graphics-drivers-tesla-460< 460.106.00-3

🔴Vulnerability Details

2
OSV
CVE-2022-42260: NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impa2022-12-30
CVEList
CVE-2022-42260: NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impa2022-12-30

📋Vendor Advisories

1
Debian
CVE-2022-42260: nvidia-graphics-drivers - NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus c...2022
CVE-2022-42260 (HIGH CVSS 7.8) | NVIDIA vGPU Display Driver for Linu | cvebase.io