Lucene search

[email protected]CVE-2022-28182

HistoryMay 17, 2022 - 8:15 p.m.

CVE-2022-28182

2022-05-1720:15:08

CWE-787

[email protected]

web.nvd.nist.gov

nvidia

gpu

display driver

windows

cve-2022-28182

dx11

vulnerability

out-of-bounds write

code execution

denial of service

escalation of privileges

information disclosure

data tampering

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Affected configurations

NVD

Node

nvidiagpu_display_driverMatch-windows

Node

microsoftwindowsMatch-

AND

nvidiavirtual_gpuRange11.0–11.8

nvidiavirtual_gpuRange13.0–13.3

nvidiavirtual_gpuMatch14.0

CPENameOperatorVersion
nvidia:gpu_display_drivernvidia gpu display drivereq-

CPE	Name	Operator	Version
nvidia:gpu_display_driver	nvidia gpu display driver	eq	-

CNA Affected

[
  {
    "product": "NVIDIA GPU Display Driver",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All GPU Driver versions for Windows"
      }
    ]
  }
]