CVE-2022-28181

2022-05-1700:00:00

CWE-787

nvidia

www.cve.org

nvidia

gpu

display driver

windows

linux

vulnerability

kernel mode

out-of-bounds write

shader

code execution

denial of service

escalation of privileges

information disclosure

data tampering

network

impact

components

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

56.6%

JSON

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

CNA Affected

[
  {
    "vendor": "NVIDIA",
    "product": "NVIDIA GPU Display Driver",
    "versions": [
      {
        "version": "All GPU Driver versions for Windows and Linux",
        "status": "affected"
      }
    ]
  }
]