Lucene search

[email protected]CVE-2022-42260

HistoryDec 30, 2022 - 11:15 p.m.

CVE-2022-42260

2022-12-3023:15:11

CWE-281

[email protected]

web.nvd.nist.gov

nvidia

vgpu

display driver

linux

vulnerability

d-bus

guest vm

code execution

denial of service

escalation of privileges

information disclosure

data tampering

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Affected configurations

NVD

Node

nvidiavirtual_gpuRange<11.11

nvidiavirtual_gpuRange12.0–13.6

nvidiavirtual_gpuRange14.0–14.4

AND

citrixhypervisorMatch-

linuxlinux_kernelMatch-

redhatenterprise_linux_kernel-based_virtual_machineMatch-

vmwarevsphereMatch-

Node

nvidiacloud_gamingRange<525.60.11

AND

linuxlinux_kernelMatch-

Node

nvidiagpu_display_driverRange470–470.161.03linux

nvidiagpu_display_driverRange510–510.108.03linux

AND

nvidiageforceMatch-

nvidianvsMatch-

nvidiaquadroMatch-

nvidiartxMatch-

Node

nvidiagpu_display_driverRange450–450.216.04linux

nvidiagpu_display_driverRange470–470.161.03linux

nvidiagpu_display_driverRange510–510.108.03linux

AND

nvidiateslaMatch-

Node

nvidiacloud_gamingRange<525.60.12

AND

citrixhypervisorMatch-

redhatenterprise_linux_kernel-based_virtual_machineMatch-

CPENameOperatorVersion
nvidia:virtual_gpunvidia virtual gpult11.11
nvidia:virtual_gpunvidia virtual gpult13.6
nvidia:virtual_gpunvidia virtual gpult14.4

CPE	Name	Operator	Version
nvidia:virtual_gpu	nvidia virtual gpu	lt	11.11
nvidia:virtual_gpu	nvidia virtual gpu	lt	13.6
nvidia:virtual_gpu	nvidia virtual gpu	lt	14.4

CNA Affected

[
  {
    "vendor": "NVIDIA",
    "product": "vGPU software (guest driver) - Linux, NVIDIA Cloud Gaming (guest driver)",
    "versions": [
      {
        "version": "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release",
        "status": "affected"
      }
    ]
  }
]