CVE-2022-42266Sensitive Information Exposure in Nvidia Cloud Gaming

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.3LOWNVD
CNA5.5
EPSS
0.1%
top 67.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Cloud GamingNvidia Virtual GPU
Timeline
PublishedDec 30
Latest updateDec 31

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDnvidia/virtual_gpu13.013.6+2
NVDnvidia/cloud_gaming< 527.27

🔴Vulnerability Details

2
GHSA
GHSA-9m72-vjm5-8c4w: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-12-31
CVEList
CVE-2022-42266: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm2022-12-30
CVE-2022-42266 — Sensitive Information Exposure | cvebase