Lucene search

K
cveNvidiaCVE-2022-28182
HistoryMay 17, 2022 - 8:15 p.m.

CVE-2022-28182

2022-05-1720:15:08
CWE-787
nvidia
web.nvd.nist.gov
61
2
nvidia
gpu
display driver
windows
cve-2022-28182
dx11
vulnerability
out-of-bounds write
code execution
denial of service
escalation of privileges
information disclosure
data tampering
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

35.9%

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Affected configurations

Nvd
Node
nvidiagpu_display_driverMatch-windows
Node
microsoftwindowsMatch-
AND
nvidiavirtual_gpuRange11.0–11.8
OR
nvidiavirtual_gpuRange13.0–13.3
OR
nvidiavirtual_gpuMatch14.0
VendorProductVersionCPE
nvidiagpu_display_driver-cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
nvidiavirtual_gpu*cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
nvidiavirtual_gpu14.0cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "NVIDIA GPU Display Driver",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All GPU Driver versions for Windows"
      }
    ]
  }
]

Social References

More

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

35.9%