All the vulnerabilites related to nvidia - gpu_display_driver
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - | |
nvidia | cloud_gaming_guest | * | |
microsoft | windows | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "D619D0D6-04FF-4C1E-84BC-BF44C3328451", "versionEndExcluding": "516.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CE6F7210-C895-478D-8155-85335EFEAE4F", "versionEndExcluding": "453.64", "versionStartIncluding": "451.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D66D8563-40B2-4B35-BC8B-C2905C9D4FC8", "versionEndExcluding": "472.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en el controlador de la capa del modo kernel (nvlddmkm.sys) para DxgkDdiEscape, donde una falla al validar correctamente los datos podr\u00eda permitir que un atacante con capacidades de usuario b\u00e1sicas provoque un acceso fuera de los l\u00edmites en el modo kernel, lo que podr\u00eda dar lugar a Denegaci\u00f3n de Servicio (DoS), divulgaci\u00f3n de informaci\u00f3n, escalada de privilegios o manipulaci\u00f3n de datos." } ], "id": "CVE-2022-31606", "lastModified": "2024-11-21T07:04:50.177", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:14.450", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el controlador de capa del modo kernel, donde un truncamiento de n\u00fameros enteros puede provocar una lectura fuera de los l\u00edmites, lo que puede provocar una Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-34680", "lastModified": "2024-11-21T07:09:58.323", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:10.247", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-197" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-681" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-27 21:15
Modified
2024-11-21 05:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C5978F56-05D4-4292-86EA-12479B022DFE", "versionEndExcluding": "392.68", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "96422D54-0F78-4683-8A67-B2DF7BAA4EF8", "versionEndExcluding": "463.15", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AA5F4D02-CC80-4CAE-A2C3-135A710AC22E", "versionEndExcluding": "472.39", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A263990D-8108-4494-8000-D183E3997C20", "versionEndExcluding": "496.49", "versionStartIncluding": "490", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash." }, { "lang": "es", "value": "NVIDIA GPU Display Driver for Windows contiene una vulnerabilidad en la capa del modo kernel (nvlddmkm.sys), donde una desreferencia de puntero NULL en el kernel, creada dentro del c\u00f3digo del modo de usuario, puede conllevar a una denegaci\u00f3n de servicio en forma de bloqueo del sistema" } ], "id": "CVE-2021-1116", "lastModified": "2024-11-21T05:43:37.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-27T21:15:07.497", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-21 23:15
Modified
2024-11-21 05:43
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9FE14B9C-CC39-47CF-9C33-5EAA716DDD79", "versionEndExcluding": "392.65", "versionStartIncluding": "390", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure." }, { "lang": "es", "value": "El instalador de NVIDIA GPU Display Driver for Windows contiene una vulnerabilidad por la que un atacante con acceso local no privilegiado al sistema puede ser capaz de reemplazar un recurso de la aplicaci\u00f3n con archivos maliciosos. Este ataque requiere que un usuario con derechos de administraci\u00f3n del sistema ejecute el instalador y que el atacante reemplace los archivos en un intervalo de tiempo muy corto entre la validaci\u00f3n de la integridad del archivo y la ejecuci\u00f3n. Este ataque puede llevar a la ejecuci\u00f3n de c\u00f3digo, escalada de privilegios, denegaci\u00f3n de servicio y divulgaci\u00f3n de informaci\u00f3n" } ], "id": "CVE-2021-1074", "lastModified": "2024-11-21T05:43:32.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-21T23:15:07.633", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - | |
nvidia | cloud_gaming_guest | * | |
microsoft | windows | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "D619D0D6-04FF-4C1E-84BC-BF44C3328451", "versionEndExcluding": "516.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CE6F7210-C895-478D-8155-85335EFEAE4F", "versionEndExcluding": "453.64", "versionStartIncluding": "451.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D66D8563-40B2-4B35-BC8B-C2905C9D4FC8", "versionEndExcluding": "472.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa del modo kernel (nvlddmkm.sys), donde un usuario local con capacidades b\u00e1sicas puede provocar una lectura fuera de los l\u00edmites, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo, Denegaci\u00f3n de Servicio (DoS) y escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n o manipulaci\u00f3n de datos." } ], "id": "CVE-2022-31617", "lastModified": "2024-11-21T07:04:51.623", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:27.273", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un desbordamiento de enteros puede provocar Denegaci\u00f3n de Servicio (DoS), manipulaci\u00f3n de datos o divulgaci\u00f3n de informaci\u00f3n." } ], "id": "CVE-2022-42258", "lastModified": "2024-11-21T07:24:36.087", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:10.963", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-21 23:15
Modified
2024-11-21 05:43
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Summary
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. Attacker does not have any control over the information and may conduct limited data modification.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "22DC6378-9844-4247-8395-563EF075D0B2", "versionEndExcluding": "427.33", "versionStartIncluding": "418", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3876CD3B-354A-4FE5-A528-A4B135F300C6", "versionEndExcluding": "452.96", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DF304158-67E3-4F9A-86D8-226626211F26", "versionEndExcluding": "462.31", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6F6BA69D-0332-4D95-867E-C03892F2091B", "versionEndExcluding": "466.11", "versionStartIncluding": "465", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. Attacker does not have any control over the information and may conduct limited data modification." }, { "lang": "es", "value": "El controlador de pantalla de la GPU de NVIDIA para Windows, en todas sus versiones, contiene una vulnerabilidad en el manejador de la capa de modo del kernel (nvlddmkm.sys) para DxgkDdiEscape en la que el programa hace referencia a un puntero que contiene una ubicaci\u00f3n para la memoria que ya no es v\u00e1lida, lo que puede conducir a la ejecuci\u00f3n de c\u00f3digo, la denegaci\u00f3n de servicio o la escalada de privilegios. El atacante no tiene ning\u00fan control sobre la informaci\u00f3n y puede realizar una modificaci\u00f3n limitada de los datos" } ], "id": "CVE-2021-1075", "lastModified": "2024-11-21T05:43:32.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.7, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-21T23:15:07.667", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el controlador de capa del modo kernel, donde un desbordamiento de enteros puede provocar Denegaci\u00f3n de Servicio (DoS) o divulgaci\u00f3n de informaci\u00f3n." } ], "id": "CVE-2022-42263", "lastModified": "2024-11-21T07:24:36.843", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:11.360", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-13 22:15
Modified
2024-11-21 08:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | studio | - | |
nvidia | tesla | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | tesla | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
canonical | ubuntu_linux | - | |
citrix | hypervisor | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
vmware | vsphere | - | |
nvidia | cloud_gaming | * | |
microsoft | windows | - | |
nvidia | cloud_gaming | * | |
linux | linux_kernel | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
vmware | vsphere | - | |
nvidia | virtual_gpu | * | |
microsoft | azure_stack_hci | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5C44719A-BFA0-479C-97D4-26301F4E2C63", "versionEndExcluding": "552.55", "versionStartIncluding": "550", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "940E9BEA-9FBE-4E3B-A79D-111C52653E5F", "versionEndExcluding": "555.99", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9BEA1462-AA33-4ED9-91CD-737525B9E2C4", "versionEndExcluding": "550.90.07", "versionStartIncluding": "550", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "B0AB9E55-DB20-4FA4-8900-61C224514B49", "versionEndExcluding": "555.52.04", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "44592EFE-8D69-4B7F-B089-A612B5217199", "versionEndExcluding": "13.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5CBF021-7A5A-412A-BBC2-EB75C6343BB1", "versionEndExcluding": "16.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DFC08A7-3121-4D8F-88A6-9304C173A439", "versionEndExcluding": "17.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C", "vulnerable": false }, { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C8E669A-9DE1-42BD-94B1-98437BB66002", "versionEndExcluding": "555.99", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "699C6D58-B26C-4F27-A1BD-A1A80E0D6A36", "versionEndExcluding": "555.52.04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6907E2B7-9C1A-4964-A6D3-CF16E376B91E", "versionEndExcluding": "17.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF31A34-9492-498F-8A78-F233C0075CB2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering." }, { "lang": "es", "value": "El controlador de pantalla GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la que un usuario puede provocar una desreferencia de un puntero que no es de confianza ejecutando una API del controlador. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos." } ], "id": "CVE-2024-0091", "lastModified": "2024-11-21T08:45:52.570", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-13T22:15:12.430", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-822" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un desbordamiento de enteros puede provocar la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de datos o la Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-42257", "lastModified": "2024-11-21T07:24:35.930", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:10.897", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU de NVIDIA para Windows contiene una vulnerabilidad en el manejador de la capa de modo del kernel de NVIDIA (nvlddmkm.sys) para DxgkDdiEscape, donde una desreferenciaci\u00f3n de puntero NULL puede conllevar a un bloqueo del sistema" } ], "id": "CVE-2021-1096", "lastModified": "2024-11-21T05:43:35.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:08.200", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows contiene una vulnerabilidad en el controlador de la capa de modo de n\u00facleo (nvlddmkm.sys) para DxgkDdiEscape, donde el producto recibe entrada o datos, pero no comprueba o valida incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos de forma segura y correcta, lo que puede conllevar a una denegaci\u00f3n de servicio o una manipulaci\u00f3n de datos" } ], "id": "CVE-2022-28186", "lastModified": "2024-11-21T06:56:54.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary" } ] }, "published": "2022-05-17T20:15:08.953", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows contiene una vulnerabilidad en el manejador de la capa de modo de kernel (nvlddmkm.sys) para DxgkDdiEscape, donde una desreferencia del puntero NULL puede conllevar a un bloqueo del sistema" } ], "id": "CVE-2022-28189", "lastModified": "2024-11-21T06:56:54.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" } ] }, "published": "2022-05-17T20:15:09.127", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-23 18:15
Modified
2024-11-21 07:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
microsoft | windows | - | |
nvidia | cloud_gaming | * | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6", "versionEndExcluding": "474.44", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "FE08BF6D-C3C1-4905-85FD-3D1A4CB612F4", "versionEndExcluding": "536.23", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "0F7FEA94-AA4F-46ED-9CA7-E0811E354637", "versionEndExcluding": "536.40", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6", "versionEndExcluding": "474.44", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4F7E5174-40CB-46BA-BA7B-363D5949C99B", "versionEndExcluding": "529.11", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "092849D3-A62C-43E5-BDD7-5A4D7CA45794", "versionEndExcluding": "536.25", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AFDAA231-118A-4246-A53E-C3F144BD027A", "versionEndExcluding": "454.23", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BE5B7AC6-3A49-46AB-A466-216515A2E7D6", "versionEndExcluding": "474.44", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4F7E5174-40CB-46BA-BA7B-363D5949C99B", "versionEndExcluding": "529.11", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "092849D3-A62C-43E5-BDD7-5A4D7CA45794", "versionEndExcluding": "536.25", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "F74C5712-6BF6-486E-8B72-BBAD45F428CB", "versionEndExcluding": "470.199.02", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "23955A71-2DD7-4A63-BA9E-05967C40E49B", "versionEndExcluding": "525.125.06", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D069A217-D9A2-4B07-91CA-424852FD4A85", "versionEndExcluding": "535.54.03", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "613588B1-1B4C-43E3-8327-528D512F3A76", "versionEndExcluding": "450.248.02", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "F74C5712-6BF6-486E-8B72-BBAD45F428CB", "versionEndExcluding": "470.199.02", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "23955A71-2DD7-4A63-BA9E-05967C40E49B", "versionEndExcluding": "525.125.06", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D069A217-D9A2-4B07-91CA-424852FD4A85", "versionEndExcluding": "535.54.03", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "81A64668-3B60-402B-B0EF-919079700FB9", "versionEndExcluding": "11.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "65AFFB06-AC6E-426A-97D0-768F34853D6A", "versionEndExcluding": "13.7", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "41388772-0B7C-4238-8021-590D0F1C0CE8", "versionEndExcluding": "15.2", "versionStartIncluding": "15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8D1ABE1-A024-4BD1-832A-AB459D85227D", "versionEndExcluding": "531.79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\n\n\nNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.\n\n \n\n" } ], "id": "CVE-2023-25515", "lastModified": "2024-11-21T07:49:38.937", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-23T18:15:10.887", "references": [ { "source": "psirt@nvidia.com", "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-822" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU NVIDIA para Windows y Linux, contiene una vulnerabilidad en el manejador de la capa de modo del kernel (nvlddmkm.sys) para las llamadas de control en las que el software lee o escribe en un b\u00fafer usando un \u00edndice o puntero que hace referencia a una ubicaci\u00f3n de memoria despu\u00e9s del final del b\u00fafer, lo que puede conllevar la manipulaci\u00f3n de datos o la denegaci\u00f3n del servicio" } ], "id": "CVE-2021-1090", "lastModified": "2024-11-21T05:43:34.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:07.680", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-13 22:15
Modified
2024-11-21 08:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | studio | - | |
nvidia | tesla | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
microsoft | windows | - | |
nvidia | cloud_gaming | * | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "32EB51D2-1F34-4D1D-8B23-4029E350140F", "versionEndExcluding": "475.06", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6A930DF9-CB95-4BE4-999C-D75AB2C8C4AC", "versionEndExcluding": "538.67", "versionStartIncluding": "535", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5C44719A-BFA0-479C-97D4-26301F4E2C63", "versionEndExcluding": "552.55", "versionStartIncluding": "550", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "940E9BEA-9FBE-4E3B-A79D-111C52653E5F", "versionEndExcluding": "555.99", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "44592EFE-8D69-4B7F-B089-A612B5217199", "versionEndExcluding": "13.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5CBF021-7A5A-412A-BBC2-EB75C6343BB1", "versionEndExcluding": "16.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DFC08A7-3121-4D8F-88A6-9304C173A439", "versionEndExcluding": "17.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C8E669A-9DE1-42BD-94B1-98437BB66002", "versionEndExcluding": "555.99", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la que se podr\u00eda revelar informaci\u00f3n de un cliente anterior u otro proceso. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la divulgaci\u00f3n de informaci\u00f3n o la manipulaci\u00f3n de datos." } ], "id": "CVE-2024-0089", "lastModified": "2024-11-21T08:45:52.277", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-13T22:15:11.940", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-665" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-665" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un desbordamiento de enteros puede provocar una Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-42259", "lastModified": "2024-11-21T07:24:36.247", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:11.030", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Product, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU NVIDIA para Windows, contiene una vulnerabilidad en nvidia-smi donde una ruta de carga de DLL no controlada puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario, denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos" } ], "id": "CVE-2021-1089", "lastModified": "2024-11-21T05:43:34.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:07.497", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Product", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un desbordamiento de enteros puede provocar la divulgaci\u00f3n de informaci\u00f3n o la manipulaci\u00f3n de datos." } ], "id": "CVE-2022-42265", "lastModified": "2024-11-21T07:24:37.133", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:11.513", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-04 00:15
Modified
2024-11-21 07:49
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
citrix | hypervisor | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
vmware | vsphere | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1DC70BA-BE3C-4BCA-B24D-FC3CF0E35075", "versionEndExcluding": "11.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "9267A801-34DE-497D-AD10-5C65DE068955", "versionEndExcluding": "13.8", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DCEAAB2-61CF-44E2-B251-732F43E980DF", "versionEndExcluding": "15.3", "versionStartIncluding": "15.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.\n\n" } ], "id": "CVE-2023-25517", "lastModified": "2024-11-21T07:49:39.177", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-04T00:15:09.653", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
citrix | hypervisor | - | |
linux | linux_kernel | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
vmware | vsphere | - | |
nvidia | cloud_gaming | * | |
linux | linux_kernel | - | |
nvidia | cloud_gaming | * | |
citrix | hypervisor | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un acceso a la matriz fuera de los l\u00edmites puede provocar Denegaci\u00f3n de Servicio (DoS), manipulaci\u00f3n de datos o divulgaci\u00f3n de informaci\u00f3n." } ], "id": "CVE-2022-42254", "lastModified": "2024-11-21T07:24:35.500", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:10.657", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-129" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-21 23:15
Modified
2024-11-21 05:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9FE14B9C-CC39-47CF-9C33-5EAA716DDD79", "versionEndExcluding": "392.65", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "22DC6378-9844-4247-8395-563EF075D0B2", "versionEndExcluding": "427.33", "versionStartIncluding": "418", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3876CD3B-354A-4FE5-A528-A4B135F300C6", "versionEndExcluding": "452.96", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DF304158-67E3-4F9A-86D8-226626211F26", "versionEndExcluding": "462.31", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6F6BA69D-0332-4D95-867E-C03892F2091B", "versionEndExcluding": "466.11", "versionStartIncluding": "465", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash." }, { "lang": "es", "value": "NVIDIA Windows GPU Display Driver para Windows, todas las versiones, contiene Una vulnerabilidad en el controlador del kernel (nvlddmkm.sys) donde una desreferencia del puntero NULL puede conllevar a un bloqueo del sistema" } ], "id": "CVE-2021-1078", "lastModified": "2024-11-21T05:43:33.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-21T23:15:07.767", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU NVIDIA para Windows, contiene una vulnerabilidad por la que un usuario sin privilegios puede crear un hard link de archivos que haga que el controlador sobrescriba un archivo que requiera privilegios elevados para modificarlo, lo que podr\u00eda conllevar a una p\u00e9rdida de datos o una denegaci\u00f3n de servicio" } ], "id": "CVE-2021-1091", "lastModified": "2024-11-21T05:43:34.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:07.770", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - | |
nvidia | gpu_display_driver | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*", "matchCriteriaId": "5FB8815D-2BE1-4454-BCBD-2B648F3FF01E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la capa de modo del kernel, en la que un usuario normal no privilegiado puede causar una lectura fuera de l\u00edmites, lo que puede conllevar a una denegaci\u00f3n de servicio y una divulgaci\u00f3n de informaci\u00f3n" } ], "id": "CVE-2022-28183", "lastModified": "2024-11-21T06:56:54.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-17T20:15:08.790", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows contiene una vulnerabilidad en la capa del modo kernel (nvlddmkm.sys), en la que el software de administraci\u00f3n de la memoria no libera un recurso despu\u00e9s de que su vida \u00fatil haya terminado, lo que puede conllevar a una denegaci\u00f3n de servicio" } ], "id": "CVE-2022-28187", "lastModified": "2024-11-21T06:56:54.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" } ] }, "published": "2022-05-17T20:15:09.007", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows contiene una vulnerabilidad en el manejador de la capa de modo del kernel (nvlddmkm.sys) para DxgkDdiEscape, donde una comprobaci\u00f3n inapropiada de la entrada puede causar una denegaci\u00f3n de servicio" } ], "id": "CVE-2022-28190", "lastModified": "2024-11-21T06:56:55.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" } ] }, "published": "2022-05-17T20:15:09.187", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el controlador de capa del modo kernel, donde una funci\u00f3n auxiliar asigna m\u00e1s p\u00e1ginas f\u00edsicas de las solicitadas, lo que puede provocar un comportamiento indefinido o una fuga de informaci\u00f3n." } ], "id": "CVE-2022-34674", "lastModified": "2024-11-21T07:09:57.467", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:09.710", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-22 03:15
Modified
2024-11-21 07:36
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5452 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5452 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9D77307A-16B0-4C98-A8AC-ECBFB2EC434C", "versionEndExcluding": "470.182.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2684008A-1AAD-445D-BBC1-7073FDD5442A", "versionEndExcluding": "515.105.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D6836303-BA7D-4E65-948B-2BC67CA635F5", "versionEndExcluding": "525.105.17", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9C654F1D-85AD-4838-AA0B-D1FAEAC6FF71", "versionEndExcluding": "530.41.03", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "7906887A-3589-422F-BCC0-0547DEA150A6", "versionEndExcluding": "450.236.01", "versionStartIncluding": "450", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2E2902D2-633E-4065-ABD5-A7A2CBD9965E", "versionEndExcluding": "454.14", "versionStartIncluding": "450", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "122A3080-A6A7-4F69-8A11-2247C56E3512", "versionEndExcluding": "474.30", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "ABFB6AEB-975B-488F-B490-7535D1F04075", "versionEndExcluding": "518.03", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "0C4C06DD-AF93-4497-8712-D8115842DE59", "versionEndExcluding": "528.89", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6D446FAB-5082-43E7-A4E0-D35B3E2E3BB2", "versionEndExcluding": "531.41", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "122A3080-A6A7-4F69-8A11-2247C56E3512", "versionEndExcluding": "474.30", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6D446FAB-5082-43E7-A4E0-D35B3E2E3BB2", "versionEndExcluding": "531.41", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering." } ], "id": "CVE-2023-0184", "lastModified": "2024-11-21T07:36:42.360", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-22T03:15:08.817", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-822" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - | |
nvidia | cloud_gaming_guest | * | |
microsoft | windows | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "D619D0D6-04FF-4C1E-84BC-BF44C3328451", "versionEndExcluding": "516.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CE6F7210-C895-478D-8155-85335EFEAE4F", "versionEndExcluding": "453.64", "versionStartIncluding": "451.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D66D8563-40B2-4B35-BC8B-C2905C9D4FC8", "versionEndExcluding": "472.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en el controlador de la capa de modo kernel (nvlddmkm.sys) para DxgkDdiEscape, donde un usuario local con capacidades b\u00e1sicas puede provocar una lectura fuera de los l\u00edmites, lo que puede provocar un fallo del sistema o una fuga de informaci\u00f3n interna del n\u00facleo." } ], "id": "CVE-2022-31612", "lastModified": "2024-11-21T07:04:50.933", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:25.877", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un acceso a la matriz fuera de los l\u00edmites puede provocar Denegaci\u00f3n de Servicio (DoS), divulgaci\u00f3n de informaci\u00f3n o manipulaci\u00f3n de datos." } ], "id": "CVE-2022-34673", "lastModified": "2024-11-21T07:09:57.323", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:09.610", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows contiene una vulnerabilidad en el manejador de la capa de modo de kernel (nvlddmkm.sys) para DxgkDdiEscape, en la que el producto recibe entradas o datos, pero no comprueba o valida incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos de forma segura y correcta, lo que puede conllevar a una denegaci\u00f3n de servicio" } ], "id": "CVE-2022-28188", "lastModified": "2024-11-21T06:56:54.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" } ] }, "published": "2022-05-17T20:15:09.063", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-22 03:15
Modified
2024-11-21 07:36
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5452 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5452 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9D77307A-16B0-4C98-A8AC-ECBFB2EC434C", "versionEndExcluding": "470.182.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2684008A-1AAD-445D-BBC1-7073FDD5442A", "versionEndExcluding": "515.105.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D6836303-BA7D-4E65-948B-2BC67CA635F5", "versionEndExcluding": "525.105.17", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9C654F1D-85AD-4838-AA0B-D1FAEAC6FF71", "versionEndExcluding": "530.41.03", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "7906887A-3589-422F-BCC0-0547DEA150A6", "versionEndExcluding": "450.236.01", "versionStartIncluding": "450", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2E2902D2-633E-4065-ABD5-A7A2CBD9965E", "versionEndExcluding": "454.14", "versionStartIncluding": "450", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "122A3080-A6A7-4F69-8A11-2247C56E3512", "versionEndExcluding": "474.30", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "ABFB6AEB-975B-488F-B490-7535D1F04075", "versionEndExcluding": "518.03", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "0C4C06DD-AF93-4497-8712-D8115842DE59", "versionEndExcluding": "528.89", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6D446FAB-5082-43E7-A4E0-D35B3E2E3BB2", "versionEndExcluding": "531.41", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "122A3080-A6A7-4F69-8A11-2247C56E3512", "versionEndExcluding": "474.30", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6D446FAB-5082-43E7-A4E0-D35B3E2E3BB2", "versionEndExcluding": "531.41", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering." } ], "id": "CVE-2023-0199", "lastModified": "2024-11-21T07:36:44.103", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-22T03:15:08.970", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-08 17:15
Modified
2024-09-17 12:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5557 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | tesla | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
microsoft | windows | - | |
nvidia | cloud_gaming | - | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F827DAD3-DE90-4D35-9714-BCE8867346F1", "versionEndExcluding": "475.14", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7DC94E15-087D-4EAC-A964-B7FCC52DF9A7", "versionEndExcluding": "556.12", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F827DAD3-DE90-4D35-9714-BCE8867346F1", "versionEndExcluding": "475.14", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7CAEE936-4CE3-4426-8427-101D4722769D", "versionEndExcluding": "538.78", "versionStartIncluding": "535", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2659C6F1-055B-40F2-8346-CC5B13AC02C3", "versionEndExcluding": "552.74", "versionStartIncluding": "550", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D056325-704D-41DD-AEC4-800F533EC09C", "versionEndExcluding": "13.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F8A6A1A-3E7C-4EF3-B036-FA7E280303ED", "versionEndExcluding": "16.7", "versionStartIncluding": "14.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "36411217-8F4D-4D60-B42D-328F9EF4291D", "versionEndExcluding": "17.3", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:-:*:*:*:*:*:*:*", "matchCriteriaId": "34B75665-F0B3-4960-8879-709F699D915E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa de modo de usuario, donde un usuario normal sin privilegios puede provocar una lectura fuera de los l\u00edmites. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos." } ], "id": "CVE-2024-0107", "lastModified": "2024-09-17T12:10:22.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-08T17:15:18.240", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5557" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service." }, { "lang": "es", "value": "NVIDIA Display Driver para Linux contiene una vulnerabilidad en Virtual GPU Manager, donde no verifica el valor de retorno de una desreferencia de puntero nulo, lo que puede provocar una Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-34675", "lastModified": "2024-11-21T07:09:57.633", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:09.807", "references": [ { "source": "psirt@nvidia.com", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "39769B85-EDB6-4649-A86F-F72277F235A1", "versionEndExcluding": "418.211.00", "versionStartIncluding": "418.197.02", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2DD69970-A1EE-46FE-B674-0E22AD11D467", "versionEndExcluding": "450.142.00", "versionStartIncluding": "450.119.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "52B5FD01-4AED-4915-B8C2-38233865ED86", "versionEndExcluding": "460.91.03", "versionStartIncluding": "460.73.01", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU NVIDIA para Windows y Linux, contiene una vulnerabilidad en el controlador de la capa de modo del kernel (nvlddmkm.sys) para DxgkDdiEscape, donde un acceso a una matriz fuera de l\u00edmites puede conllevar a una denegaci\u00f3n de servicio o una divulgaci\u00f3n de informaci\u00f3n" } ], "id": "CVE-2021-1094", "lastModified": "2024-11-21T05:43:35.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:08.023", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el controlador de capa del modo kernel, donde un usuario normal sin privilegios puede causar errores de truncamiento al convertir una primitiva a una primitiva de menor tama\u00f1o, provocando que se pierdan datos en la conversi\u00f3n, lo que puede llevar a la Denegaci\u00f3n de Servicio (DoS) o divulgaci\u00f3n de informaci\u00f3n." } ], "id": "CVE-2022-34670", "lastModified": "2024-11-21T07:09:56.897", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:09.337", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-197" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-681" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "39769B85-EDB6-4649-A86F-F72277F235A1", "versionEndExcluding": "418.211.00", "versionStartIncluding": "418.197.02", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2DD69970-A1EE-46FE-B674-0E22AD11D467", "versionEndExcluding": "450.142.00", "versionStartIncluding": "450.119.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "52B5FD01-4AED-4915-B8C2-38233865ED86", "versionEndExcluding": "460.91.03", "versionStartIncluding": "460.73.01", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU NVIDIA para Windows y Linux, contiene una vulnerabilidad en el firmware en la que el controlador contiene una sentencia assert() o similar que puede ser desencadenada por un atacante, que conlleva a una salida de la aplicaci\u00f3n u otro comportamiento m\u00e1s grave de lo necesario, y puede conllevar a una denegaci\u00f3n de servicio o un bloqueo del sistema" } ], "id": "CVE-2021-1093", "lastModified": "2024-11-21T05:43:35.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:07.937", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
nvidia | cloud_gaming_guest | * | |
microsoft | windows | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "D619D0D6-04FF-4C1E-84BC-BF44C3328451", "versionEndExcluding": "516.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CE6F7210-C895-478D-8155-85335EFEAE4F", "versionEndExcluding": "453.64", "versionStartIncluding": "451.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D66D8563-40B2-4B35-BC8B-C2905C9D4FC8", "versionEndExcluding": "472.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows y Linux contiene una vulnerabilidad en la capa del modo kernel, donde un usuario local con capacidades b\u00e1sicas puede provocar una desreferencia del puntero nulo, lo que puede provocar una Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-34665", "lastModified": "2024-11-21T07:09:56.200", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:27.557", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-13 22:15
Modified
2024-11-21 08:45
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "32EB51D2-1F34-4D1D-8B23-4029E350140F", "versionEndExcluding": "475.06", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6A930DF9-CB95-4BE4-999C-D75AB2C8C4AC", "versionEndExcluding": "538.67", "versionStartIncluding": "535", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5C44719A-BFA0-479C-97D4-26301F4E2C63", "versionEndExcluding": "552.55", "versionStartIncluding": "550", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "940E9BEA-9FBE-4E3B-A79D-111C52653E5F", "versionEndExcluding": "555.99", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D66C0B72-0A3F-4D61-8BF5-B0BED03014E0", "versionEndExcluding": "470.256.02", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3EC43E03-3909-4AB5-A9FD-198E55167AD2", "versionEndExcluding": "535.180.01", "versionStartIncluding": "535", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9BEA1462-AA33-4ED9-91CD-737525B9E2C4", "versionEndExcluding": "550.90.07", "versionStartIncluding": "550", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "B0AB9E55-DB20-4FA4-8900-61C224514B49", "versionEndExcluding": "555.52.04", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "44592EFE-8D69-4B7F-B089-A612B5217199", "versionEndExcluding": "13.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5CBF021-7A5A-412A-BBC2-EB75C6343BB1", "versionEndExcluding": "16.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DFC08A7-3121-4D8F-88A6-9304C173A439", "versionEndExcluding": "17.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C", "vulnerable": false }, { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "29526088-0276-428D-AD82-F3F91666A9DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "699C6D58-B26C-4F27-A1BD-A1A80E0D6A36", "versionEndExcluding": "555.52.04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6907E2B7-9C1A-4964-A6D3-CF16E376B91E", "versionEndExcluding": "17.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF31A34-9492-498F-8A78-F233C0075CB2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service." }, { "lang": "es", "value": "El controlador NVIDIA GPU para Windows y Linux contiene una vulnerabilidad en la que una verificaci\u00f3n incorrecta o un manejo inadecuado de las condiciones de excepci\u00f3n podr\u00edan provocar una denegaci\u00f3n de servicio." } ], "id": "CVE-2024-0092", "lastModified": "2024-11-21T08:45:52.720", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-13T22:15:12.647", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-703" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-13 22:15
Modified
2024-11-21 08:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "32EB51D2-1F34-4D1D-8B23-4029E350140F", "versionEndExcluding": "475.06", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6A930DF9-CB95-4BE4-999C-D75AB2C8C4AC", "versionEndExcluding": "538.67", "versionStartIncluding": "535", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5C44719A-BFA0-479C-97D4-26301F4E2C63", "versionEndExcluding": "552.55", "versionStartIncluding": "550", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "940E9BEA-9FBE-4E3B-A79D-111C52653E5F", "versionEndExcluding": "555.99", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D66C0B72-0A3F-4D61-8BF5-B0BED03014E0", "versionEndExcluding": "470.256.02", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3EC43E03-3909-4AB5-A9FD-198E55167AD2", "versionEndExcluding": "535.180.01", "versionStartIncluding": "535", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9BEA1462-AA33-4ED9-91CD-737525B9E2C4", "versionEndExcluding": "550.90.07", "versionStartIncluding": "550", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "B0AB9E55-DB20-4FA4-8900-61C224514B49", "versionEndExcluding": "555.52.04", "versionStartIncluding": "555", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "44592EFE-8D69-4B7F-B089-A612B5217199", "versionEndExcluding": "13.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5CBF021-7A5A-412A-BBC2-EB75C6343BB1", "versionEndExcluding": "16.6", "versionStartIncluding": "14.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DFC08A7-3121-4D8F-88A6-9304C173A439", "versionEndExcluding": "17.2", "versionStartIncluding": "17.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C", "vulnerable": false }, { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C8E669A-9DE1-42BD-94B1-98437BB66002", "versionEndExcluding": "555.99", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "699C6D58-B26C-4F27-A1BD-A1A80E0D6A36", "versionEndExcluding": "555.52.04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6907E2B7-9C1A-4964-A6D3-CF16E376B91E", "versionEndExcluding": "17.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:azure_stack_hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF31A34-9492-498F-8A78-F233C0075CB2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." }, { "lang": "es", "value": "El controlador de GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la que un usuario puede provocar una escritura fuera de los l\u00edmites. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos." } ], "id": "CVE-2024-0090", "lastModified": "2024-11-21T08:45:52.430", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-13T22:15:12.170", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C1777FEA-7B6B-4629-BFFD-E45492C96D18", "versionEndExcluding": "390.154", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF656F94-6425-44EC-BCDA-6E9F9BC7546B", "versionEndExcluding": "515.65.01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C1777FEA-7B6B-4629-BFFD-E45492C96D18", "versionEndExcluding": "390.154", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "6A5C4A60-A16B-4BDA-BFDF-482A254F237F", "versionEndExcluding": "450.203.03", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un usuario local con capacidades b\u00e1sicas puede provocar una validaci\u00f3n de entrada incorrecta, lo que puede provocar Denegaci\u00f3n de Servicio (DoS), escalada de privilegios, manipulaci\u00f3n de datos y acceso limitado divulgaci\u00f3n de informaci\u00f3n." } ], "id": "CVE-2022-31607", "lastModified": "2024-11-21T07:04:50.300", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:23.190", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
linux | linux_kernel | - | |
microsoft | windows | - | |
nvidia | gpu_display_driver | - | |
nvidia | gpu_display_driver | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*", "matchCriteriaId": "5FB8815D-2BE1-4454-BCBD-2B648F3FF01E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components." }, { "lang": "es", "value": "El controlador de pantalla de la GPU de NVIDIA para Windows y Linux contiene una vulnerabilidad en la capa del modo del kernel, en la que un usuario normal no privilegiado en la red puede causar una escritura fuera de l\u00edmites mediante un sombreador especialmente dise\u00f1ado, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo, una denegaci\u00f3n de servicio, un aumento de privilegios, un divulgaci\u00f3n de informaci\u00f3n y una manipulaci\u00f3n de datos. El alcance del impacto puede extenderse a otros componentes" } ], "id": "CVE-2022-28181", "lastModified": "2024-11-21T06:56:53.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-17T20:15:08.673", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C1777FEA-7B6B-4629-BFFD-E45492C96D18", "versionEndExcluding": "390.154", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C1777FEA-7B6B-4629-BFFD-E45492C96D18", "versionEndExcluding": "390.154", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "6A5C4A60-A16B-4BDA-BFDF-482A254F237F", "versionEndExcluding": "450.203.03", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel, donde un usuario local con capacidades b\u00e1sicas puede provocar una desreferencia de puntero nulo, lo que puede provocar una Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-31615", "lastModified": "2024-11-21T07:04:51.337", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:26.543", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-10 21:29
Modified
2024-11-21 04:45
Severity ?
Summary
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce_experience | * | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "46442A04-15FD-42DA-B82C-3A0450868F1D", "versionEndExcluding": "412.36", "versionStartIncluding": "410", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "66D3718F-174C-4D4C-B8AD-ACFB1A667787", "versionEndExcluding": "425.51", "versionStartIncluding": "418", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CD2E6016-FD91-4BCC-AA68-8C344F5319C8", "versionEndExcluding": "430.64", "versionStartIncluding": "430", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7583B2E-0C11-4D18-9E89-85EFD88C81CF", "versionEndExcluding": "3.19", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution." }, { "lang": "es", "value": "El software controlador de la GPU NVIDIA Windows Display para Windows (todas las versiones) contiene una vulnerabilidad en la que carga incorrectamente las DLL del sistema Windows sin validar la ruta o la firma (tambi\u00e9n conocido como ataque de colocaci\u00f3n de binarios o ataque de precarga de DLL), lo que provoca una escalada de privilegios a trav\u00e9s de la ejecuci\u00f3n de c\u00f3digo." } ], "id": "CVE-2019-5676", "lastModified": "2024-11-21T04:45:19.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-10T21:29:00.583", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-27815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-27815" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-27 21:15
Modified
2024-11-21 05:43
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C5978F56-05D4-4292-86EA-12479B022DFE", "versionEndExcluding": "392.68", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "96422D54-0F78-4683-8A67-B2DF7BAA4EF8", "versionEndExcluding": "463.15", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AA5F4D02-CC80-4CAE-A2C3-135A710AC22E", "versionEndExcluding": "472.39", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "8E8E59DB-063B-4BF5-92C1-AC78D59BB6D0", "versionEndExcluding": "496.49", "versionStartIncluding": "495", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service." }, { "lang": "es", "value": "Windows contiene una vulnerabilidad en el manejador de la capa de modo de kernel (nvlddmkm.sys) para DxgkDdiEscape, donde un atacante mediante una configuraci\u00f3n espec\u00edfica y con acceso local no privilegiado al sistema puede causar una comprobaci\u00f3n inapropiada de la entrada, lo que puede conllevar a una denegaci\u00f3n de servicio" } ], "id": "CVE-2021-1117", "lastModified": "2024-11-21T05:43:37.857", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-27T21:15:07.553", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-129" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-129" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." }, { "lang": "es", "value": "NVIDIA vGPU Display Driver para los invitados de Linux contiene una vulnerabilidad en un archivo de configuraci\u00f3n de D-Bus, donde un usuario no autorizado en la m\u00e1quina virtual invitada puede afectar los endpoints protegidos de D-Bus, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo, Denegaci\u00f3n de Servicio (DoS), escalada de privilegios e informaci\u00f3n, divulgaci\u00f3n o manipulaci\u00f3n de datos." } ], "id": "CVE-2022-42260", "lastModified": "2024-11-21T07:24:36.410", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:11.097", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-281" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - | |
nvidia | cloud_gaming_guest | * | |
microsoft | windows | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "D619D0D6-04FF-4C1E-84BC-BF44C3328451", "versionEndExcluding": "516.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CE6F7210-C895-478D-8155-85335EFEAE4F", "versionEndExcluding": "453.64", "versionStartIncluding": "451.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D66D8563-40B2-4B35-BC8B-C2905C9D4FC8", "versionEndExcluding": "472.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa del modo kernel (nvlddmkm.sys), donde un usuario local con capacidades b\u00e1sicas puede provocar una escritura fuera de los l\u00edmites, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo, Denegaci\u00f3n de Servicio (DoS) y escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n o manipulaci\u00f3n de datos." } ], "id": "CVE-2022-31610", "lastModified": "2024-11-21T07:04:50.687", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:25.477", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3DEA3DEB-3A91-412A-B4EF-61B0B2BE527F", "versionEndExcluding": "390.157", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2780BAF8-20EC-4F42-A6EB-536255082FF6", "versionEndExcluding": "525.60.11", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el controlador de capa del modo kernel, donde un usuario normal sin privilegios puede provocar que se trunque un n\u00famero entero, lo que puede provocar Denegaci\u00f3n de Servicio (DoS) o manipulaci\u00f3n de datos." } ], "id": "CVE-2022-34677", "lastModified": "2024-11-21T07:09:57.910", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:09.983", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-681" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - | |
nvidia | cloud_gaming_guest | * | |
microsoft | windows | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "D619D0D6-04FF-4C1E-84BC-BF44C3328451", "versionEndExcluding": "516.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CE6F7210-C895-478D-8155-85335EFEAE4F", "versionEndExcluding": "453.64", "versionStartIncluding": "451.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D66D8563-40B2-4B35-BC8B-C2905C9D4FC8", "versionEndExcluding": "472.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa del modo kernel, donde cualquier usuario local puede provocar una desreferencia de puntero nulo, lo que puede provocar un p\u00e1nico en el kernel." } ], "id": "CVE-2022-31613", "lastModified": "2024-11-21T07:04:51.067", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 4.0, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:26.227", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-27 21:15
Modified
2024-11-21 05:43
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5230 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5230 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C5978F56-05D4-4292-86EA-12479B022DFE", "versionEndExcluding": "392.68", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "96422D54-0F78-4683-8A67-B2DF7BAA4EF8", "versionEndExcluding": "463.15", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AA5F4D02-CC80-4CAE-A2C3-135A710AC22E", "versionEndExcluding": "472.39", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A263990D-8108-4494-8000-D183E3997C20", "versionEndExcluding": "496.49", "versionStartIncluding": "490", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component." }, { "lang": "es", "value": "NVIDIA GPU Display Driver for Windows contiene una vulnerabilidad en el manejador de la capa de modo kernel (nvlddmkm.sys) para IOCTLs privadas, donde un atacante con acceso local no privilegiado al sistema puede causar una desreferencia de puntero NULL, que puede conllevar a una denegaci\u00f3n de servicio en un componente m\u00e1s all\u00e1 del componente vulnerable" } ], "id": "CVE-2021-1115", "lastModified": "2024-11-21T05:43:37.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-27T21:15:07.427", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - | |
nvidia | cloud_gaming_guest | * | |
microsoft | windows | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:*:*:*:*:*:*:*:*", "matchCriteriaId": "D619D0D6-04FF-4C1E-84BC-BF44C3328451", "versionEndExcluding": "516.94", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9E31C0C2-5C06-4E5E-9106-1ABE98D37C13", "versionEndExcluding": "473.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CE6F7210-C895-478D-8155-85335EFEAE4F", "versionEndExcluding": "453.64", "versionStartIncluding": "451.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D66D8563-40B2-4B35-BC8B-C2905C9D4FC8", "versionEndExcluding": "472.81", "versionStartIncluding": "471.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "094B9003-EEC7-46DD-AEC2-F2BCB0F8DE88", "versionEndExcluding": "513.46", "versionStartIncluding": "511.09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "337FAC23-CA17-4B2C-AFC0-F3FD8493FACD", "versionEndExcluding": "516.94", "versionStartIncluding": "516.25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en el controlador de la capa de modo kernel (nvlddmkm.sys) para DxgkDdiEscape, donde un usuario local con capacidades b\u00e1sicas puede provocar una lectura fuera de los l\u00edmites, lo que puede provocar Denegaci\u00f3n de Servicio (DoS) o divulgaci\u00f3n de informaci\u00f3n." } ], "id": "CVE-2022-31616", "lastModified": "2024-11-21T07:04:51.487", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:26.893", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-07 20:15
Modified
2024-11-21 06:45
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5312 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5312 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37AC285-221B-474F-8B3F-9DD7C586EB43", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el paquete de controladores del kernel, donde el manejo inapropiado de permisos o privilegios insuficientes puede permitir a un usuario local no privilegiado un acceso de escritura limitado a la memoria protegida, lo que puede conllevar a una denegaci\u00f3n de servicio" } ], "id": "CVE-2022-21814", "lastModified": "2024-11-21T06:45:29.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-07T20:15:07.830", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-280" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-19 00:15
Modified
2024-11-21 07:04
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C1777FEA-7B6B-4629-BFFD-E45492C96D18", "versionEndExcluding": "390.154", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B30520A-D378-4CC8-812D-3B443740D6E3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C1777FEA-7B6B-4629-BFFD-E45492C96D18", "versionEndExcluding": "390.154", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "6A5C4A60-A16B-4BDA-BFDF-482A254F237F", "versionEndExcluding": "450.203.03", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "677332FE-B818-48A9-82EE-474703AE1D81", "versionEndExcluding": "470.141.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "C8E67FE7-2A7D-4FC0-A623-A981FD5776AB", "versionEndExcluding": "510.85.02", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "8603E59F-1C4A-4A15-B28B-1665D5AE5B58", "versionEndExcluding": "515.65.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "75C6DE26-88F2-428E-B761-754BD027E015", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en un archivo de configuraci\u00f3n opcional de D-Bus, donde un usuario local con capacidades b\u00e1sicas puede afectar los endpoints protegidos de D-Bus, lo que puede llevar a la ejecuci\u00f3n de c\u00f3digo, Denegaci\u00f3n de Servicio (DoS), escalada de privilegios y divulgaci\u00f3n de informaci\u00f3n. y manipulaci\u00f3n de datos." } ], "id": "CVE-2022-31608", "lastModified": "2024-11-21T07:04:50.440", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-19T00:15:24.927", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-281" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-281" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
citrix | hypervisor | - | |
linux | linux_kernel | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
vmware | vsphere | - | |
nvidia | cloud_gaming | * | |
citrix | hypervisor | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service." }, { "lang": "es", "value": "NVIDIA vGPU software contiene una vulnerabilidad en Virtual GPU Manager (complemento vGPU), donde un \u00edndice de entrada no se valida, lo que puede provocar una saturaci\u00f3n del b\u00fafer, lo que a su vez puede causar manipulaci\u00f3n de datos, divulgaci\u00f3n de informaci\u00f3n o Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-42261", "lastModified": "2024-11-21T07:24:36.560", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:11.167", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows contiene una vulnerabilidad en el controlador de modo de usuario de DirectX11 (nvwgf2um/x.dll), donde un atacante no autorizado en la red puede causar una escritura fuera de l\u00edmites mediante un shader especialmente dise\u00f1ado, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo para causar la denegaci\u00f3n de servicio, una escalada de privilegios, una divulgaci\u00f3n de informaci\u00f3n y una manipulaci\u00f3n de datos. El alcance del impacto puede extenderse a otros componentes" } ], "id": "CVE-2022-28182", "lastModified": "2024-11-21T06:56:54.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary" } ] }, "published": "2022-05-17T20:15:08.737", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-07 20:15
Modified
2024-11-21 06:45
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5312 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5312 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | cloud_gaming_guest | - | |
nvidia | geforce | - | |
nvidia | gpu_display_driver | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | tesla | - | |
nvidia | virtual_gpu | - | |
linux | linux_kernel | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF125D-2BDD-4DDB-B8A6-5D28E64157E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37AC285-221B-474F-8B3F-9DD7C586EB43", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3CCCEEC-CB0F-412F-9DE5-CD86E2AF6B2A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el controlador del kernel, donde el manejo inapropiado de permisos o privilegios insuficientes puede permitir a un usuario local no privilegiado un acceso de escritura limitado a la memoria protegida, lo que puede conllevar una denegaci\u00f3n de servicio" } ], "id": "CVE-2022-21813", "lastModified": "2024-11-21T06:45:29.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-07T20:15:07.773", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-21 23:15
Modified
2024-11-21 05:43
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "69312265-BEBA-48BC-A771-5C31840BBA76", "versionEndExcluding": "450.119.03", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3876CD3B-354A-4FE5-A528-A4B135F300C6", "versionEndExcluding": "452.96", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "F136B0BE-76D2-419F-8F57-F0FE28316B1A", "versionEndExcluding": "460.73.01", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DF304158-67E3-4F9A-86D8-226626211F26", "versionEndExcluding": "462.31", "versionStartIncluding": "460", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows y Linux, la rama del controlador R450 y R460, contiene Una vulnerabilidad en la que el software usa un recuento de referencia para administrar un recurso que se actualiza inapropiadamente, lo que puede llevar a la denegaci\u00f3n de servicio" } ], "id": "CVE-2021-1077", "lastModified": "2024-11-21T05:43:33.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-21T23:15:07.733", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-07 20:15
Modified
2024-11-21 06:45
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF125D-2BDD-4DDB-B8A6-5D28E64157E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37AC285-221B-474F-8B3F-9DD7C586EB43", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3CCCEEC-CB0F-412F-9DE5-CD86E2AF6B2A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en el manejador de la capa del modo kernel (nvlddmkm.sys) para las IOCTL privadas en la que una desreferencia del puntero NULL en el kernel, creada dentro del c\u00f3digo del modo de usuario, puede conllevar a una denegaci\u00f3n de servicio en forma de bloqueo del sistema" } ], "id": "CVE-2022-21815", "lastModified": "2024-11-21T06:45:29.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-07T20:15:07.887", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
citrix | hypervisor | - | |
linux | linux_kernel | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
vmware | vsphere | - | |
nvidia | cloud_gaming | * | |
linux | linux_kernel | - | |
nvidia | cloud_gaming | * | |
citrix | hypervisor | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel (nvidia.ko), donde un error de uno en uno puede provocar manipulaci\u00f3n de datos o divulgaci\u00f3n de informaci\u00f3n." } ], "id": "CVE-2022-34684", "lastModified": "2024-11-21T07:09:58.863", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:10.583", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-193" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-04 00:15
Modified
2024-11-21 07:49
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "BC3021AA-04C1-4455-8EC4-B9E2D3B1AEC6", "versionEndIncluding": "11.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "AF73B5E6-E71A-4767-BAD4-BAE4EAF9B076", "versionEndIncluding": "13.7", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9A7DA093-AE6B-4773-B3DE-C1BBD8E44E35", "versionEndIncluding": "15.2", "versionStartIncluding": "15.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.\n\n" } ], "id": "CVE-2023-25516", "lastModified": "2024-11-21T07:49:39.060", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-04T00:15:09.587", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Broken Link" ], "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU NVIDIA para Windows, contiene una vulnerabilidad en la aplicaci\u00f3n del Panel de control de NVIDIA, por lo que es susceptible de sufrir un ataque de tipo symlink en el sistema de archivos de Windows, en el que un atacante sin privilegios puede causar a las aplicaciones sobrescribir archivos privilegiados, resultando en una denegaci\u00f3n de servicio o una p\u00e9rdida de datos" } ], "id": "CVE-2021-1092", "lastModified": "2024-11-21T05:43:34.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:07.857", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-22 03:15
Modified
2024-11-21 07:36
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5452 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5452 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9D77307A-16B0-4C98-A8AC-ECBFB2EC434C", "versionEndExcluding": "470.182.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2684008A-1AAD-445D-BBC1-7073FDD5442A", "versionEndExcluding": "515.105.01", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D6836303-BA7D-4E65-948B-2BC67CA635F5", "versionEndExcluding": "525.105.17", "versionStartIncluding": "525", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "9C654F1D-85AD-4838-AA0B-D1FAEAC6FF71", "versionEndExcluding": "530.41.03", "versionStartIncluding": "530", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "7906887A-3589-422F-BCC0-0547DEA150A6", "versionEndExcluding": "450.236.01", "versionStartIncluding": "450", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service." } ], "id": "CVE-2023-0190", "lastModified": "2024-11-21T07:36:43.117", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-22T03:15:08.897", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-21 23:15
Modified
2024-11-21 05:43
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3178296B-0354-4DC3-B8CB-D49D146C6063", "versionEndExcluding": "390.143", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "ABD000D5-7DE6-42F7-857E-A90629738237", "versionEndExcluding": "418.197.02", "versionStartIncluding": "418", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "22DC6378-9844-4247-8395-563EF075D0B2", "versionEndExcluding": "427.33", "versionStartIncluding": "418", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "69312265-BEBA-48BC-A771-5C31840BBA76", "versionEndExcluding": "450.119.03", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3876CD3B-354A-4FE5-A528-A4B135F300C6", "versionEndExcluding": "452.96", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "F136B0BE-76D2-419F-8F57-F0FE28316B1A", "versionEndExcluding": "460.73.01", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DF304158-67E3-4F9A-86D8-226626211F26", "versionEndExcluding": "462.31", "versionStartIncluding": "460", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "A3A8E0F4-A3DB-400C-A732-E71DCB09C35F", "versionEndExcluding": "465.24.02", "versionStartIncluding": "465", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6F6BA69D-0332-4D95-867E-C03892F2091B", "versionEndExcluding": "466.11", "versionStartIncluding": "465", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows y Linux, todas las versiones, contiene Una vulnerabilidad en la capa del modo kernel (nvlddmkm.sys o nvidia.ko) donde un control de acceso inapropiado puede conllevar a una denegaci\u00f3n de servicio, divulgaci\u00f3n de informaci\u00f3n o corrupci\u00f3n de datos" } ], "id": "CVE-2021-1076", "lastModified": "2024-11-21T05:43:32.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-21T23:15:07.700", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:09
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - | |
nvidia | gpu_display_driver | * | |
nvidia | studio | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B19EABAD-2FA5-4C85-AF5A-86A92934E21F", "versionEndExcluding": "474.14", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "92FDDB0C-1F5B-4559-8ACA-F7D889379384", "versionEndExcluding": "514.08", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7CD854B9-D2EA-4797-8CD6-5CE7BF431EDC", "versionEndExcluding": "517.88", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EFC7E8ED-C6D0-4ADB-B914-850B86E85DC6", "versionEndExcluding": "527.27", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1B6ED659-FE16-4240-AB72-F33BCEB67616", "versionEndExcluding": "454.02", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B19EABAD-2FA5-4C85-AF5A-86A92934E21F", "versionEndExcluding": "474.14", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "92FDDB0C-1F5B-4559-8ACA-F7D889379384", "versionEndExcluding": "514.08", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "E7C44AD7-7797-4CB6-B6B7-59176B72E417", "versionEndIncluding": "517.88", "versionStartIncluding": "515", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "E07CE5FB-5FE4-449B-9A8C-FE3836F355D2", "versionEndExcluding": "527.41", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "FF62D74B-A5A4-4A81-9D00-DDA6A8A1F05D", "versionEndExcluding": "526.98", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B19EABAD-2FA5-4C85-AF5A-86A92934E21F", "versionEndExcluding": "474.14", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "FF62D74B-A5A4-4A81-9D00-DDA6A8A1F05D", "versionEndExcluding": "526.98", "versionStartIncluding": "525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nNVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.\n\n\n\n" }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa de modo de usuario, donde un usuario sin privilegios puede provocar una escritura fuera de los l\u00edmites, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo, la divulgaci\u00f3n de informaci\u00f3n y la Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-34671", "lastModified": "2024-11-21T07:09:57.043", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:09.430", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" }, { "source": "psirt@nvidia.com", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719" }, { "source": "psirt@nvidia.com", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720" }, { "source": "psirt@nvidia.com", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-22 05:15
Modified
2024-11-21 05:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "39769B85-EDB6-4649-A86F-F72277F235A1", "versionEndExcluding": "418.211.00", "versionStartIncluding": "418.197.02", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A5A345DF-457A-4B7E-A4E9-4D29FB4C9722", "versionEndExcluding": "427.48", "versionStartIncluding": "427.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "2DD69970-A1EE-46FE-B674-0E22AD11D467", "versionEndExcluding": "450.142.00", "versionStartIncluding": "450.119.03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "650D9B87-1AFB-4462-A8D5-E993D8ECDACA", "versionEndExcluding": "453.10", "versionStartIncluding": "452.96", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "52B5FD01-4AED-4915-B8C2-38233865ED86", "versionEndExcluding": "460.91.03", "versionStartIncluding": "460.73.01", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "018F843B-EFA3-4E49-A269-168221A205CA", "versionEndExcluding": "462.96", "versionStartIncluding": "462.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service." }, { "lang": "es", "value": "Un controlador de pantalla de la GPU de NVIDIA para Windows y Linux contiene una vulnerabilidad en los manejadores de la capa de modo del kernel (nvlddmkm.sys) para todas las llamadas de control con par\u00e1metros incrustados donde la referencia a un puntero no confiable puede conllevar a una denegaci\u00f3n de servicio" } ], "id": "CVE-2021-1095", "lastModified": "2024-11-21T05:43:35.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-22T05:15:08.113", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-25 22:15
Modified
2024-11-21 05:34
Severity ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7F0E4F60-7421-40F1-8E03-41FDD98796A2", "versionEndExcluding": "392.61", "versionStartIncluding": "390", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9D4C45EA-BBB6-4C5E-B3F1-BCCD416EA840", "versionEndExcluding": "426.78", "versionStartIncluding": "418", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CAE9274B-5253-45CA-B5D5-5ABA0F045A4B", "versionEndExcluding": "443.18", "versionStartIncluding": "440", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F793B15F-FE80-4A7B-AC9B-84A5498E0FE9", "versionEndExcluding": "451.48", "versionStartIncluding": "450", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges." }, { "lang": "es", "value": "NVIDIA Windows GPU Display Driver, todas las versiones, contiene una vulnerabilidad en el manejador de capa del modo kernel (nvlddmkm.sys) para DxgkDdiEscape, en el que un puntero NULL es desreferenciado, lo que conduce a una denegaci\u00f3n de servicio o una posible escalada de privilegios" } ], "id": "CVE-2020-5966", "lastModified": "2024-11-21T05:34:55.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-25T22:15:11.757", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-17 20:15
Modified
2024-11-21 06:56
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | gpu_display_driver | - | |
nvidia | gpu_display_driver | - | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | 14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*", "matchCriteriaId": "5FB8815D-2BE1-4454-BCBD-2B648F3FF01E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering." }, { "lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en el controlador de la capa de modo del kernel (nvlddmkm.sys) para DxgkDdiEscape, por la que un usuario normal no privilegiado puede acceder a registros con privilegios de administrador, lo que puede conllevar a una denegaci\u00f3n de servicio, una divulgaci\u00f3n de informaci\u00f3n y una manipulaci\u00f3n de datos" } ], "id": "CVE-2022-28184", "lastModified": "2024-11-21T06:56:54.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-17T20:15:08.843", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
nvidia | virtual_gpu | * | |
citrix | hypervisor | - | |
linux | linux_kernel | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
vmware | vsphere | - | |
nvidia | cloud_gaming | * | |
citrix | hypervisor | - | |
redhat | enterprise_linux_kernel-based_virtual_machine | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | geforce | - | |
nvidia | nvs | - | |
nvidia | quadro | - | |
nvidia | rtx | - | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | gpu_display_driver | * | |
nvidia | tesla | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service." }, { "lang": "es", "value": "El software NVIDIA vGPU contiene una vulnerabilidad en Virtual GPU Manager (complemento vGPU), donde un \u00edndice de entrada no se valida, lo que puede provocar una saturaci\u00f3n del b\u00fafer, lo que a su vez puede causar manipulaci\u00f3n de datos, divulgaci\u00f3n de informaci\u00f3n o Denegaci\u00f3n de Servicio (DoS)." } ], "id": "CVE-2022-42262", "lastModified": "2024-11-21T07:24:36.697", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:11.263", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-30 23:15
Modified
2024-11-21 07:24
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
psirt@nvidia.com | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C9963BB-DC0D-4799-84C4-B3A36BCE125B", "versionEndExcluding": "13.6", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false }, { "criteria": "cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A22C5-B3E1-4106-997C-D1C845F2C1EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1145182-F629-44ED-B37B-D2DBE726210C", "versionEndExcluding": "525.60.11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "matchCriteriaId": "B75400C8-5AFF-4ED9-AF91-024FE6D125E0", "versionEndExcluding": "525.60.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7AE5C32-E060-44BA-8C13-3D73204191EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C8B1C5-6401-45F9-8D3E-47E32067F428", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "20C17F30-34F3-4F5E-9F35-CBC6BBAAC958", "versionEndExcluding": "515.86.01", "versionStartIncluding": "515", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": false }, { "criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "92F71F1A-E866-4C73-BA7E-CA72CDCCF295", "versionEndExcluding": "450.216.04", "versionStartIncluding": "450", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1ACD2E2B-EDDA-4D52-B7D2-3387A80359A5", "versionEndExcluding": "470.161.03", "versionStartIncluding": "470", "vulnerable": true }, { "criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*", "matchCriteriaId": "1A381E4A-95A8-4002-9919-D8A23B41525A", "versionEndExcluding": "510.108.03", "versionStartIncluding": "510", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service." }, { "lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en la capa del modo kernel, donde un usuario normal sin privilegios puede provocar el uso de un desplazamiento del puntero fuera de rango, lo que puede provocar manipulaci\u00f3n o p\u00e9rdida de datos, divulgaci\u00f3n de informaci\u00f3n o denegaci\u00f3n de acceso. servicio." } ], "id": "CVE-2022-42264", "lastModified": "2024-11-21T07:24:36.990", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-30T23:15:11.443", "references": [ { "source": "psirt@nvidia.com", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "psirt@nvidia.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-823" } ], "source": "psirt@nvidia.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2022-42261
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:28.318920", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42261", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21815
Vulnerability from cvelistv5
Published
2022-02-07 20:00
Modified
2024-08-03 02:53
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5312 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:53:36.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-09T19:35:14", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-21815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions for Windows" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash." } ] }, "impact": { "cvss": { "baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476: NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-21815", "datePublished": "2022-02-07T20:00:17", "dateReserved": "2021-12-10T00:00:00", "dateUpdated": "2024-08-03T02:53:36.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42263
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:26.872007", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42263", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28187
Vulnerability from cvelistv5
Published
2022-05-17 19:15
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T19:15:34", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-28187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions for Windows" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service." } ] }, "impact": { "cvss": { "baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-772 Missing Release of Resource after Effective Lifetime" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28187", "datePublished": "2022-05-17T19:15:34", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0184
Vulnerability from cvelistv5
Published
2023-04-22 02:18
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering." } ], "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Denial of Service, Escalation of Privileges, Information Disclosure, Data Tampering" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-22T02:18:16.993Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2023-0184", "datePublished": "2023-04-22T02:18:16.993Z", "dateReserved": "2023-01-11T05:48:41.769Z", "dateUpdated": "2024-08-02T05:02:43.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28188
Vulnerability from cvelistv5
Published
2022-05-17 19:15
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T19:15:35", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-28188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions for Windows" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service." } ] }, "impact": { "cvss": { "baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28188", "datePublished": "2022-05-17T19:15:35", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31608
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | GeForce, Workstation, Compute |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:00.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GeForce, Workstation, Compute", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:26.816560", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31608", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:00.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42265
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver for Linux |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver for Linux", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:38.886320", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42265", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28186
Vulnerability from cvelistv5
Published
2022-05-17 19:15
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T19:15:33", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-28186", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions for Windows" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering." } ] }, "impact": { "cvss": { "baseScore": 6.1, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28186", "datePublished": "2022-05-17T19:15:33", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42259
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.786Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:23.696887", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42259", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42258
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:35.843334", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42258", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1089
Vulnerability from cvelistv5
Published
2021-07-22 04:25
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "code execution, denial of service, data tampering, information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T04:25:25", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "code execution, denial of service, data tampering, information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1089", "datePublished": "2021-07-22T04:25:25", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28189
Vulnerability from cvelistv5
Published
2022-05-17 19:15
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T19:15:37", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-28189", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions for Windows" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash." } ] }, "impact": { "cvss": { "baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476 NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28189", "datePublished": "2022-05-17T19:15:37", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0107
Vulnerability from cvelistv5
Published
2024-08-08 16:57
Modified
2024-08-08 18:36
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | GPU Display Driver, vGPU Software, Cloud Gaming |
Version: All versions up to and including the June 2024 release |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-0107", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T18:35:37.897108Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T18:36:36.982Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "GPU Display Driver, vGPU Software, Cloud Gaming", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions up to and including the June 2024 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.\u003c/span\u003e" } ], "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Code execution, denial of service, escalation of privileges, information disclosure, data tampering" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-08T16:57:49.154Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5557" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2024-0107", "datePublished": "2024-08-08T16:57:49.154Z", "dateReserved": "2023-12-02T00:42:17.123Z", "dateUpdated": "2024-08-08T18:36:36.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31607
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:00.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:17.608507", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31607", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:00.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0190
Vulnerability from cvelistv5
Published
2023-04-22 02:19
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service." } ], "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Denial of Service" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-22T02:19:06.133Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2023-0190", "datePublished": "2023-04-22T02:19:06.133Z", "dateReserved": "2023-01-11T05:48:45.857Z", "dateUpdated": "2024-08-02T05:02:43.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0091
Vulnerability from cvelistv5
Published
2024-06-13 21:23
Modified
2024-08-01 17:41
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | nvidia | GPU display driver, vGPU software, and Cloud Gaming |
Version: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:nvidia:geforce:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geforce", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:studio:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "studio", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:quadro_firmware:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "quadro_firmware", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:nvs_firmware:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nvs_firmware", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:rtx:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rtx", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:tesla:552.55:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tesla", "vendor": "nvidia", "versions": [ { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0091", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-15T03:55:35.767Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GPU display driver, vGPU software, and Cloud Gaming", "vendor": "nvidia", "versions": [ { "status": "affected", "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering." } ], "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Denial of service, information disclosure, data tampering" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:23:29.556Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE" } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2024-0091", "datePublished": "2024-06-13T21:23:29.556Z", "dateReserved": "2023-12-02T00:42:00.978Z", "dateUpdated": "2024-08-01T17:41:15.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31616
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:00.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31616", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:00.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21814
Vulnerability from cvelistv5
Published
2022-02-07 00:00
Modified
2024-08-03 02:53
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5312 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Drivers for Linux |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:53:36.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Drivers for Linux" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:25.441310", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-21814", "datePublished": "2022-02-07T00:00:00", "dateReserved": "2021-12-10T00:00:00", "dateUpdated": "2024-08-03T02:53:36.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34670
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-197", "description": "CWE-197", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:40.427321", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34670", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28183
Vulnerability from cvelistv5
Published
2022-05-17 00:00
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows and Linux |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows and Linux" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:29.843728", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28183", "datePublished": "2022-05-17T00:00:00", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31610
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:00.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31610", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:00.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21813
Vulnerability from cvelistv5
Published
2022-02-07 00:00
Modified
2024-08-03 02:53
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5312 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Linux |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:53:36.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Linux" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:43.478146", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-21813", "datePublished": "2022-02-07T00:00:00", "dateReserved": "2021-12-10T00:00:00", "dateUpdated": "2024-08-03T02:53:36.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34677
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.722Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:41.944367", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34677", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1095
Vulnerability from cvelistv5
Published
2021-07-22 00:00
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:01.427915", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1095", "datePublished": "2021-07-22T00:00:00", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1093
Vulnerability from cvelistv5
Published
2021-07-22 00:00
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:22.495887", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1093", "datePublished": "2021-07-22T00:00:00", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.490Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34674
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:06.046625", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34674", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1075
Vulnerability from cvelistv5
Published
2021-04-21 22:30
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. Attacker does not have any control over the information and may conduct limited data modification.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. Attacker does not have any control over the information and may conduct limited data modification." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "code exectution, denial of service, escalation of privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-30T10:18:23", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1075", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of service, or escalation of privileges. Attacker does not have any control over the information and may conduct limited data modification." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "code exectution, denial of service, escalation of privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1075", "datePublished": "2021-04-21T22:30:36", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42262
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.722Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-30T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42262", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1074
Vulnerability from cvelistv5
Published
2021-04-21 22:30
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: R390 driver branch |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "R390 driver branch" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "code execution, denial of service, escalation of privileges, information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-01T18:49:02", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "R390 driver branch" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires the attacker to replace the files in a very short time window between file integrity validation and execution. Such an attack may lead to code execution, escalation of privileges, denial of service, and information disclosure." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "code execution, denial of service, escalation of privileges, information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1074", "datePublished": "2021-04-21T22:30:34", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42254
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:16.348616", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42254", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0092
Vulnerability from cvelistv5
Published
2024-06-13 21:23
Modified
2024-08-01 17:41
Severity ?
EPSS score ?
Summary
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | nvidia | GPU display driver, vGPU software, and Cloud Gaming |
Version: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-0092", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T16:45:14.826848Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T16:45:23.624Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GPU display driver, vGPU software, and Cloud Gaming", "vendor": "nvidia", "versions": [ { "status": "affected", "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service." } ], "value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Denial of service" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-703", "description": "CWE-703", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:23:30.327Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE" } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2024-0092", "datePublished": "2024-06-13T21:23:30.327Z", "dateReserved": "2023-12-02T00:42:01.816Z", "dateUpdated": "2024-08-01T17:41:15.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0199
Vulnerability from cvelistv5
Published
2023-04-22 02:19
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 15.1, 13.6, 11.11, and all versions prior to and including February 2023 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering." } ], "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Data Tampering, Denial of Service" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-22T02:19:48.182Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452" }, { "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2023-0199", "datePublished": "2023-04-22T02:19:48.182Z", "dateReserved": "2023-01-11T05:48:51.162Z", "dateUpdated": "2024-08-02T05:02:43.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34671
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver for Windows |
Version: All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" }, { "tags": [ "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720" }, { "tags": [ "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721" }, { "tags": [ "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NVIDIA GPU Display Driver for Windows", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.\u003c/span\u003e\n\n\u003c/p\u003e" } ], "value": "\nNVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.\n\n\n\n" } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Code execution, information disclosure, and denial of service" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-03T23:25:44.383Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720" }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721" }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34671", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-5676
Vulnerability from cvelistv5
Published
2019-05-10 20:21
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/4797 | x_refsource_CONFIRM | |
https://nvidia.custhelp.com/app/answers/detail/a_id/4806 | x_refsource_CONFIRM | |
https://support.lenovo.com/us/en/product_security/LEN-27815 | x_refsource_CONFIRM | |
https://nvidia.custhelp.com/app/answers/detail/a_id/4841 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:01:52.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-27815" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All" } ] } ], "datePublic": "2019-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privileges, code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T18:06:06", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-27815" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2019-5676", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privileges, code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4797" }, { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806" }, { "name": "https://support.lenovo.com/us/en/product_security/LEN-27815", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-27815" }, { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4841" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2019-5676", "datePublished": "2019-05-10T20:21:18", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-08-04T20:01:52.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1077
Vulnerability from cvelistv5
Published
2021-04-21 00:00
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: R450 and R460 driver branch |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "R450 and R460 driver branch" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:51.053039", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1077", "datePublished": "2021-04-21T00:00:00", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42264
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-823", "description": "CWE-823", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:34.539622", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42264", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1115
Vulnerability from cvelistv5
Published
2021-10-27 20:35
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5230 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-27T20:35:12", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component." } ] }, "impact": { "cvss": { "baseScore": 6.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476: NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1115", "datePublished": "2021-10-27T20:35:12", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28182
Vulnerability from cvelistv5
Published
2022-05-17 19:15
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T19:15:27", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-28182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions for Windows" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components." } ] }, "impact": { "cvss": { "baseScore": 8.5, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28182", "datePublished": "2022-05-17T19:15:27", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.490Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34684
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:34.360517", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34684", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28184
Vulnerability from cvelistv5
Published
2022-05-17 00:00
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows and Linux |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows and Linux" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:13.438596", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28184", "datePublished": "2022-05-17T00:00:00", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31615
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | GeForce, Workstation, Compute |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:01.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GeForce, Workstation, Compute", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:49.627028", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31615", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:01.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34680
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:16.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-197", "description": "CWE-197", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:55.546760", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34680", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:16.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1117
Vulnerability from cvelistv5
Published
2021-10-27 20:35
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5230 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-129", "description": "CWE-129: Improper Validation of Array Index", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-27T20:35:15", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service." } ] }, "impact": { "cvss": { "baseScore": 4.7, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-129: Improper Validation of Array Index" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1117", "datePublished": "2021-10-27T20:35:15", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31606
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:00.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31606", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:00.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1078
Vulnerability from cvelistv5
Published
2021-04-21 22:30
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5172 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-21T22:30:38", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1078", "datePublished": "2021-04-21T22:30:38", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1094
Vulnerability from cvelistv5
Published
2021-07-22 00:00
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service, information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:28.396524", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1094", "datePublished": "2021-07-22T00:00:00", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34675
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34675", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31617
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:00.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31617", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:00.806Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28181
Vulnerability from cvelistv5
Published
2022-05-17 00:00
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows and Linux |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows and Linux" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:10.483658", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28181", "datePublished": "2022-05-17T00:00:00", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0089
Vulnerability from cvelistv5
Published
2024-06-13 21:23
Modified
2024-08-01 17:41
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | nvidia | GPU display driver, vGPU software, and Cloud Gaming |
Version: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:nvidia:geforce:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "geforce", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:studio:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "studio", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:quadro_firmware:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "quadro_firmware", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:nvs_firmware:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nvs_firmware", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:rtx:555.99:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rtx", "vendor": "nvidia", "versions": [ { "lessThan": "555.99", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:tesla:552.55:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tesla", "vendor": "nvidia", "versions": [ { "lessThan": "552.55", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0089", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-15T03:55:35.510137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T12:53:30.805Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GPU display driver, vGPU software, and Cloud Gaming", "vendor": "nvidia", "versions": [ { "status": "affected", "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering." } ], "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Code execution, information disclosure, data tampering" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-665", "description": "CWE-665", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:23:29.198Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE" } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2024-0089", "datePublished": "2024-06-13T21:23:29.198Z", "dateReserved": "2023-12-02T00:41:59.121Z", "dateUpdated": "2024-08-01T17:41:15.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1091
Vulnerability from cvelistv5
Published
2021-07-22 04:25
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service, data loss", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T04:25:29", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service, data loss" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1091", "datePublished": "2021-07-22T04:25:29", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31613
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:01.011Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31613", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:01.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1076
Vulnerability from cvelistv5
Published
2021-04-21 00:00
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service , escalation of privileges, data loss", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:23.976013", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5172" }, { "name": "[debian-lts-announce] 20220118 [SECURITY] [DLA 2888-1] nvidia-graphics-drivers security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00013.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1076", "datePublished": "2021-04-21T00:00:00", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34665
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5383 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:32.855490", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34665", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34673
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver for Linux |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver for Linux", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:06:59.928181", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-34673", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T09:15:15.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42260
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, NVIDIA Cloud Gaming (guest driver) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, NVIDIA Cloud Gaming (guest driver)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:11.877357", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42260", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1090
Vulnerability from cvelistv5
Published
2021-07-22 00:00
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | ||
https://security.gentoo.org/glsa/202310-02 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service, data tampering", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:09.063450", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1090", "datePublished": "2021-07-22T00:00:00", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25516
Vulnerability from cvelistv5
Published
2023-07-03 23:26
Modified
2024-10-24 19:52
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | GPU Display Driver for Linux |
Version: All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:18.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25516", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-24T19:49:31.931311Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-24T19:52:38.807Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GPU Display Driver for Linux", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.\u003c/span\u003e\n\n" } ], "value": "\nNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.\n\n" } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Information disclosure and denial of service" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-03T23:26:36.464Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2023-25516", "datePublished": "2023-07-03T23:26:36.464Z", "dateReserved": "2023-02-07T02:57:17.084Z", "dateUpdated": "2024-10-24T19:52:38.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1096
Vulnerability from cvelistv5
Published
2021-07-22 04:25
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T04:25:37", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1096", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system crash." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1096", "datePublished": "2021-07-22T04:25:37", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31612
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA Cloud Gaming (guest driver) |
Version: All versions prior to the August 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:01.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA Cloud Gaming (guest driver)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to the August 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-18T00:00:00", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-31612", "datePublished": "2022-11-18T00:00:00", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T07:26:01.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28190
Vulnerability from cvelistv5
Published
2022-05-17 19:15
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions for Windows |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:37.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions for Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-17T19:15:38", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-28190", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions for Windows" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service." } ] }, "impact": { "cvss": { "baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28190", "datePublished": "2022-05-17T19:15:38", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1116
Vulnerability from cvelistv5
Published
2021-10-27 20:35
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5230 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-27T20:35:14", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash." } ] }, "impact": { "cvss": { "baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476: NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1116", "datePublished": "2021-10-27T20:35:14", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25517
Vulnerability from cvelistv5
Published
2023-07-03 23:27
Modified
2024-12-04 17:18
Severity ?
EPSS score ?
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software |
Version: All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25517", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T17:17:09.653475Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T17:18:54.820Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "vGPU software", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.\u003c/span\u003e\n\n" } ], "value": "\nNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.\n\n" } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Information disclosure and data tampering" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-03T23:27:05.649Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2023-25517", "datePublished": "2023-07-03T23:27:05.649Z", "dateReserved": "2023-02-07T02:57:17.084Z", "dateUpdated": "2024-12-04T17:18:54.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1092
Vulnerability from cvelistv5
Published
2021-07-22 04:25
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All GPU Driver versions |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All GPU Driver versions" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service, data tampering", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-22T04:25:30", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1092", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All GPU Driver versions" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service, data tampering" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5211" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2021-1092", "datePublished": "2021-07-22T04:25:31", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-08-03T15:55:18.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-5966
Vulnerability from cvelistv5
Published
2020-06-25 21:55
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges.
References
▼ | URL | Tags |
---|---|---|
https://nvidia.custhelp.com/app/answers/detail/a_id/5031 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | NVIDIA GPU Display Driver |
Version: All |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:47:41.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service or escalation of privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-25T21:55:12", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2020-5966", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NVIDIA GPU Display Driver", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "NVIDIA" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, in which a NULL pointer is dereferenced, leading to denial of service or potential escalation of privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service or escalation of privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5031" } ] } } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2020-5966", "datePublished": "2020-06-25T21:55:12", "dateReserved": "2020-01-07T00:00:00", "dateUpdated": "2024-08-04T08:47:41.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0090
Vulnerability from cvelistv5
Published
2024-06-13 21:23
Modified
2024-08-01 17:41
Severity ?
EPSS score ?
Summary
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | nvidia | GPU display driver, vGPU software, and Cloud Gaming |
Version: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "gpu_display_driver", "vendor": "nvidia", "versions": [ { "lessThanOrEqual": "17.1", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "16.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "13.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:virtual_gpu:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "virtual_gpu", "vendor": "nvidia", "versions": [ { "lessThanOrEqual": "16.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "17.1", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "13.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:cloud_gaming:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "cloud_gaming", "vendor": "nvidia", "versions": [ { "lessThanOrEqual": "13.10", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "17.1", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "16.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-0090", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-15T03:55:33.792Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GPU display driver, vGPU software, and Cloud Gaming", "vendor": "nvidia", "versions": [ { "status": "affected", "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": true, "type": "text/html", "value": "NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ], "value": "NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Code execution, denial of service, escalation of privileges, information disclosure, data tampering" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-13T21:23:28.800Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551" } ], "source": { "discovery": "UNKNOWN" }, "title": "CVE" } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2024-0090", "datePublished": "2024-06-13T21:23:28.800Z", "dateReserved": "2023-12-02T00:41:59.934Z", "dateUpdated": "2024-08-01T17:41:15.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25515
Vulnerability from cvelistv5
Published
2023-06-23 17:07
Modified
2024-11-29 14:34
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | GPU Display Driver for Windows and Linux |
Version: All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:18.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "gpu_display_driver", "vendor": "nvidia", "versions": [ { "lessThanOrEqual": "15.2", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "13.7" }, { "status": "affected", "version": "11.12" }, { "lessThanOrEqual": "may2023", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:*" ], "defaultStatus": "unaffected", "product": "gpu_display_driver", "vendor": "nvidia", "versions": [ { "lessThanOrEqual": "15.2", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "13.7" }, { "status": "affected", "version": "11.2" }, { "lessThanOrEqual": "may2023", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-25515", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:31:46.762145Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T14:34:40.209Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GPU Display Driver for Windows and Linux", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.\u003c/span\u003e\n\n \u003c/span\u003e\n\n" } ], "value": "\n\n\nNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.\n\n \n\n" } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Code execution, denial of service, escalation of privileges, data tampering, or information disclosure" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-03T23:26:15.468Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2023-25515", "datePublished": "2023-06-23T17:07:50.994Z", "dateReserved": "2023-02-07T02:57:17.083Z", "dateUpdated": "2024-11-29T14:34:40.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42257
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NVIDIA | vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release" } ] } ], "descriptions": [ { "lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T14:07:37.405120", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415" }, { "name": "[debian-lts-announce] 20230511 [SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html" }, { "name": "GLSA-202310-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-02" } ] } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-42257", "datePublished": "2022-12-30T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }