Lucene search

NvidiaCVELIST:CVE-2022-42270

HistoryDec 30, 2022 - 12:00 a.m.

CVE-2022-42270

2022-12-3000:00:00

CWE-121

nvidia

www.cve.org

nvidia

linux

vulnerability

unvalidated input

buffer overflow

escalation of privileges

integrity

confidentiality

denial of service

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Jetson Linux"
    ],
    "product": "NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "Versions 35.1 and 34.1.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Jetson Linux"
    ],
    "product": "NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "32.7.2 and prior releases"
      }
    ]
  }
]

References

nvidia.custhelp.com/app/answers/detail/a_id/5417

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

Related for CVELIST:CVE-2022-42270