CVE-2022-42267Insufficient Verification of Data Authenticity in Nvidia Virtual GPU

CWE-345Insufficient Verification of Data AuthenticityCWE-125Out-of-bounds Read3 documents3 sources
Severity
7.8HIGHNVD
CNA7.0
EPSS
0.1%
top 76.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Virtual GPUNvidia GPU Display Driver FOR Windows
Timeline
PublishedDec 30
Latest updateDec 31

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5nvidia/nvidia_gpu_display_driver_for_windowsAll versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release
NVDnvidia/virtual_gpu13.013.6+2

🔴Vulnerability Details

2
GHSA
GHSA-7pwf-wj49-qpfg: NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution,2022-12-31
CVEList
CVE-2022-42267: NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution,2022-12-30
CVE-2022-42267 — Nvidia Virtual GPU vulnerability | cvebase