CVE-2022-42265 — Integer Overflow or Wraparound in Nvidia GPU Display Driver

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

7.1HIGHNVD

CNA5.3

EPSS

0.1%

top 83.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia GPU Display Driver Nvidia GPU Display Driver FOR Linux

Timeline

PublishedDec 30

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5nvidia/nvidia_gpu_display_driver_for_linuxAll versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release

▶NVDnvidia/gpu_display_driver515 — 515.86.01

🔴Vulnerability Details

CVEList

CVE-2022-42265: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

OSV

CVE-2022-42265: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia↗2022-12-30

▶

📋Vendor Advisories

Debian

CVE-2022-42265: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode ...↗2022

▶