DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIANCVE:CVE-2022-42261", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2022-42261", "description": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.", "published": "2022-12-30T23:15:00", "modified": "2022-12-30T23:15:00", "epss": [{"cve": "CVE-2022-42261", "epss": 0.00043, "percentile": 0.06886, "modified": "2023-12-03"}], "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 3.1, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://security-tracker.debian.org/tracker/CVE-2022-42261", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2022-42261"], "immutableFields": [], "lastseen": "2023-12-03T18:28:51", "viewCount": 22, "enchantments": {"score": {"value": 7.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-42261"]}, {"type": "gentoo", "idList": ["GLSA-202310-02"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-202310-02.NASL", "NVIDIA_UNIX_2022_11.NASL", "NVIDIA_VGPU_2022_11.NASL"]}, {"type": "nvidia", "idList": ["NVIDIA:5415"]}, {"type": "prion", "idList": ["PRION:CVE-2022-42261"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-42261"]}]}, "epss": [{"cve": "CVE-2022-42261", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}], "vulnersScore": 7.4}, "_state": {"score": 1701628425, "dependencies": 1701628361, "epss": 0}, "_internal": {"score_hash": "685df7b4fb900774cd7b35bd99d806de"}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "nvidia-graphics-drivers_510.108.03-1_all.deb", "packageVersion": "510.108.03-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "nvidia-graphics-drivers_470.161.03-1_all.deb", "packageVersion": "470.161.03-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "nvidia-graphics-drivers_418.226.00-3_all.deb", "packageVersion": "418.226.00-3", "operator": "le", "status": "open", "packageName": "nvidia-graphics-drivers"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "nvidia-graphics-drivers_510.108.03-1_all.deb", "packageVersion": "510.108.03-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers"}, {"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla_510.108.03-1_all.deb", "packageVersion": "510.108.03-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla_510.108.03-1_all.deb", "packageVersion": "510.108.03-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-418_418.226.00-6~deb11u1_all.deb", "packageVersion": "418.226.00-6~deb11u1", "operator": "le", "status": "open", "packageName": "nvidia-graphics-drivers-tesla-418"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-418_418.226.00-13_all.deb", "packageVersion": "418.226.00-13", "operator": "le", "status": "open", "packageName": "nvidia-graphics-drivers-tesla-418"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-450_450.216.04-1~deb11u1_all.deb", "packageVersion": "450.216.04-1~deb11u1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla-450"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-450_450.216.04-1_all.deb", "packageVersion": "450.216.04-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla-450"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-460_460.106.00-3_all.deb", "packageVersion": "460.106.00-3", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla-460"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-460_460.106.00-3_all.deb", "packageVersion": "460.106.00-3", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla-460"}, {"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-470_470.161.03-1_all.deb", "packageVersion": "470.161.03-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla-470"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-470_470.161.03-1~deb11u1_all.deb", "packageVersion": "470.161.03-1~deb11u1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla-470"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "nvidia-graphics-drivers-tesla-470_470.161.03-1_all.deb", "packageVersion": "470.161.03-1", "operator": "lt", "status": "resolved", "packageName": "nvidia-graphics-drivers-tesla-470"}]}

{"ubuntucve": [{"lastseen": "2023-12-03T13:27:45", "description": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager\n(vGPU plugin), where an input index is not validated, which may lead to\nbuffer overrun, which in turn may cause data tampering, information\ndisclosure, or denial of service.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | some binary drivers are no longer support by NVidia, so they are marked as ignored here\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T00:00:00", "type": "ubuntucve", "title": "CVE-2022-42261", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42261"], "modified": "2022-12-30T00:00:00", "id": "UB:CVE-2022-42261", "href": "https://ubuntu.com/security/CVE-2022-42261", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-20T23:52:36", "description": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T23:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42261"], "modified": "2023-10-19T01:33:00", "id": "PRION:CVE-2022-42261", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-42261", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T16:15:37", "description": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T23:15:00", "type": "cve", "title": "CVE-2022-42261", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-42261"], "modified": "2023-10-19T01:33:00", "cpe": [], "id": "CVE-2022-42261", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42261", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}], "nessus": [{"lastseen": "2023-10-06T04:31:46", "description": "The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. (CVE-2022-34670)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service. (CVE-2022-42264)\n\n - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. (CVE-2022-42262) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-14T00:00:00", "type": "nessus", "title": "NVIDIA Virtual GPU Manager Multiple Vulnerabilities (November 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-34670", "CVE-2022-34674", "CVE-2022-34675", "CVE-2022-34676", "CVE-2022-34677", "CVE-2022-34678", "CVE-2022-34679", "CVE-2022-34680", "CVE-2022-34682", "CVE-2022-34684", "CVE-2022-42254", "CVE-2022-42255", "CVE-2022-42256", "CVE-2022-42257", "CVE-2022-42258", "CVE-2022-42259", "CVE-2022-42261", "CVE-2022-42262", "CVE-2022-42263", "CVE-2022-42264"], "modified": "2023-09-15T00:00:00", "cpe": ["cpe:/a:nvidia:virtual_gpu_manager"], "id": "NVIDIA_VGPU_2022_11.NASL", "href": "https://www.tenable.com/plugins/nessus/181414", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181414);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/15\");\n\n script_cve_id(\n \"CVE-2022-34670\",\n \"CVE-2022-34674\",\n \"CVE-2022-34675\",\n \"CVE-2022-34676\",\n \"CVE-2022-34677\",\n \"CVE-2022-34678\",\n \"CVE-2022-34679\",\n \"CVE-2022-34680\",\n \"CVE-2022-34682\",\n \"CVE-2022-34684\",\n \"CVE-2022-42254\",\n \"CVE-2022-42255\",\n \"CVE-2022-42256\",\n \"CVE-2022-42257\",\n \"CVE-2022-42258\",\n \"CVE-2022-42259\",\n \"CVE-2022-42261\",\n \"CVE-2022-42262\",\n \"CVE-2022-42263\",\n \"CVE-2022-42264\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0504\");\n\n script_name(english:\"NVIDIA Virtual GPU Manager Multiple Vulnerabilities (November 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A GPU virtualization application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by\nmultiple vulnerabilities, including the following:\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller\n size causes data to be lost in the conversion, which may lead to denial of service or information\n disclosure. (CVE-2022-34670)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an\n unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data\n tampering, data loss, information disclosure, or denial of service. (CVE-2022-42264)\n\n - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input\n index is not validated, which may lead to buffer overrun, which in turn may cause data tampering,\n information disclosure, or denial of service. (CVE-2022-42262)\n \nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvidia.custhelp.com/app/answers/detail/a_id/5415\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update NVIDIA vGPU Manager software to version 11.11, 13.6, 14.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42264\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nvidia:virtual_gpu_manager\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nvidia_vgpu_manager_installed.nbin\");\n script_require_keys(\"installed_sw/NVIDIA Virtual GPU Manager\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'NVIDIA Virtual GPU Manager');\n\nvar constraints = [\n { 'min_version' : '450', 'fixed_version' : '450.216.04', 'fixed_display' : '11.11 (450.216.04)' },\n { 'min_version' : '470', 'fixed_version' : '470.161.02', 'fixed_display' : '13.6 (470.161.02)' },\n { 'min_version' : '510', 'fixed_version' : '510.108.03', 'fixed_display' : '14.4 (510.108.03)' },\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:54:56", "description": "The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities:\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. (CVE-2022-34670)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.\n (CVE-2022-34676)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. (CVE-2022-42263)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-02T00:00:00", "type": "nessus", "title": "NVIDIA Linux GPU Display Driver (Nov 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-34670", "CVE-2022-34673", "CVE-2022-34674", "CVE-2022-34675", "CVE-2022-34676", "CVE-2022-34677", "CVE-2022-34679", "CVE-2022-34680", "CVE-2022-34682", "CVE-2022-34684", "CVE-2022-42254", "CVE-2022-42255", "CVE-2022-42256", "CVE-2022-42257", "CVE-2022-42258", "CVE-2022-42259", "CVE-2022-42260", "CVE-2022-42261", "CVE-2022-42262", "CVE-2022-42263", "CVE-2022-42264", "CVE-2022-42265"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:nvidia:gpu_driver"], "id": "NVIDIA_UNIX_2022_11.NASL", "href": "https://www.tenable.com/plugins/nessus/168369", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168369);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2022-34670\",\n \"CVE-2022-34673\",\n \"CVE-2022-34674\",\n \"CVE-2022-34675\",\n \"CVE-2022-34677\",\n \"CVE-2022-34679\",\n \"CVE-2022-34680\",\n \"CVE-2022-34682\",\n \"CVE-2022-34684\",\n \"CVE-2022-42254\",\n \"CVE-2022-42255\",\n \"CVE-2022-42256\",\n \"CVE-2022-42257\",\n \"CVE-2022-42258\",\n \"CVE-2022-42259\",\n \"CVE-2022-42260\",\n \"CVE-2022-42261\",\n \"CVE-2022-42262\",\n \"CVE-2022-42263\",\n \"CVE-2022-42264\",\n \"CVE-2022-42265\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0504\");\n\n script_name(english:\"NVIDIA Linux GPU Display Driver (Nov 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A display driver installed on the remote Linux host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller\n size causes data to be lost in the conversion, which may lead to denial of service or information\n disclosure. (CVE-2022-34670)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n out-of-bounds read may lead to denial of service, information disclosure, or data tampering.\n (CVE-2022-34676)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n Integer overflow may lead to denial of service or information disclosure. (CVE-2022-42263)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version \nnumber.\");\n # https://nvidia.custhelp.com/app/answers/detail/a_id/5415\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a7a9b79\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the NVIDIA graphics driver in accordance with the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42264\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nvidia:gpu_driver\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nvidia_unix_driver_detect.nbin\");\n script_require_keys(\"NVIDIA_UNIX_Driver/Version\", \"NVIDIA_UNIX_Driver/GPU_Model\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf_extras_nvidia.inc');\n\nvar app_info = vcf::nvidia_gpu::get_app_info();\n\nif (report_paranoia < 2) \n audit(AUDIT_PARANOID);\n\nvar constraints = [\n {'min_version':'390', 'fixed_version':'390.157', 'gpumodel':['geforce', 'nvs', 'quadro']},\n {'min_version':'450', 'fixed_version':'450.216.04', 'gpumodel':'tesla'},\n {'min_version':'470', 'fixed_version':'470.161.03', 'gpumodel':['geforce', 'nvs', 'quadro', 'tesla']},\n {'min_version':'510', 'fixed_version':'510.108.03', 'gpumodel':['geforce', 'nvs', 'quadro', 'tesla']},\n {'min_version':'515', 'fixed_version':'515.86.01', 'gpumodel':['geforce', 'nvs', 'quadro', 'tesla']},\n {'min_version':'525', 'fixed_version':'525.60.11', 'gpumodel':['geforce', 'nvs', 'quadro']},\n # R525 Update available on December 1, 2022\n {'min_version':'525', 'fixed_version':'525.60.13', 'gpumodel':'tesla'}\n];\n\nvcf::nvidia_gpu::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_WARNING\n);\n \n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-17T11:07:31", "description": "The remote host is affected by the vulnerability described in GLSA-202310-02 (NVIDIA Drivers: Multiple Vulnerabilities)\n\n - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. (CVE-2021-1052)\n\n - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. (CVE-2021-1053)\n\n - NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. (CVE-2021-1056)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service. (CVE-2021-1090)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. (CVE-2021-1093)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure. (CVE-2021-1094)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service. (CVE-2021-1095)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. (CVE-2022-28181)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. (CVE-2022-28183)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.\n (CVE-2022-28184)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. (CVE-2022-28185)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. (CVE-2022-31607)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.\n (CVE-2022-31608)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-31615)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. (CVE-2022-34666)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. (CVE-2022-34670)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.\n (CVE-2022-34673, CVE-2022-42255)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. (CVE-2022-34674)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.\n (CVE-2022-34676)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering. (CVE-2022-34677)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-34678)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-34679)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.\n (CVE-2022-34680)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-34682)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure. (CVE-2022-34684)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.\n (CVE-2022-42254)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering. (CVE-2022-42256)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.\n (CVE-2022-42257)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.\n (CVE-2022-42258)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. (CVE-2022-42259)\n\n - NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.\n (CVE-2022-42260)\n\n - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. (CVE-2022-42261)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. (CVE-2022-42263)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service. (CVE-2022-42264)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering. (CVE-2022-42265)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. (CVE-2023-0180)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. (CVE-2023-0181)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of- bounds write can lead to denial of service and data tampering. (CVE-2023-0183)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.\n (CVE-2023-0184)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure. (CVE-2023-0185)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. (CVE-2023-0187)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. (CVE-2023-0188)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. (CVE-2023-0189)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. (CVE-2023-0190)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. (CVE-2023-0191)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. (CVE-2023-0194)\n\n - NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver (CVE-2023-0195)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. (CVE-2023-0198)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. (CVE-2023-0199)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-10-03T00:00:00", "type": "nessus", "title": "GLSA-202310-02 : NVIDIA Drivers: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1052", "CVE-2021-1053", "CVE-2021-1056", "CVE-2021-1090", "CVE-2021-1093", "CVE-2021-1094", "CVE-2021-1095", "CVE-2022-28181", "CVE-2022-28183", "CVE-2022-28184", "CVE-2022-28185", "CVE-2022-31607", "CVE-2022-31608", "CVE-2022-31615", "CVE-2022-34666", "CVE-2022-34670", "CVE-2022-34673", "CVE-2022-34674", "CVE-2022-34676", "CVE-2022-34677", "CVE-2022-34678", "CVE-2022-34679", "CVE-2022-34680", "CVE-2022-34682", "CVE-2022-34684", "CVE-2022-42254", "CVE-2022-42255", "CVE-2022-42256", "CVE-2022-42257", "CVE-2022-42258", "CVE-2022-42259", "CVE-2022-42260", "CVE-2022-42261", "CVE-2022-42263", "CVE-2022-42264", "CVE-2022-42265", "CVE-2023-0180", "CVE-2023-0181", "CVE-2023-0183", "CVE-2023-0184", "CVE-2023-0185", "CVE-2023-0187", "CVE-2023-0188", "CVE-2023-0189", "CVE-2023-0190", "CVE-2023-0191", "CVE-2023-0194", "CVE-2023-0195", "CVE-2023-0198", "CVE-2023-0199"], "modified": "2023-10-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nvidia-drivers", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202310-02.NASL", "href": "https://www.tenable.com/plugins/nessus/182438", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202310-02.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(182438);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/13\");\n\n script_cve_id(\n \"CVE-2021-1052\",\n \"CVE-2021-1053\",\n \"CVE-2021-1056\",\n \"CVE-2021-1090\",\n \"CVE-2021-1093\",\n \"CVE-2021-1094\",\n \"CVE-2021-1095\",\n \"CVE-2022-28181\",\n \"CVE-2022-28183\",\n \"CVE-2022-28184\",\n \"CVE-2022-28185\",\n \"CVE-2022-31607\",\n \"CVE-2022-31608\",\n \"CVE-2022-31615\",\n \"CVE-2022-34666\",\n \"CVE-2022-34670\",\n \"CVE-2022-34673\",\n \"CVE-2022-34674\",\n \"CVE-2022-34676\",\n \"CVE-2022-34677\",\n \"CVE-2022-34678\",\n \"CVE-2022-34679\",\n \"CVE-2022-34680\",\n \"CVE-2022-34682\",\n \"CVE-2022-34684\",\n \"CVE-2022-42254\",\n \"CVE-2022-42255\",\n \"CVE-2022-42256\",\n \"CVE-2022-42257\",\n \"CVE-2022-42258\",\n \"CVE-2022-42259\",\n \"CVE-2022-42260\",\n \"CVE-2022-42261\",\n \"CVE-2022-42263\",\n \"CVE-2022-42264\",\n \"CVE-2022-42265\",\n \"CVE-2023-0180\",\n \"CVE-2023-0181\",\n \"CVE-2023-0183\",\n \"CVE-2023-0184\",\n \"CVE-2023-0185\",\n \"CVE-2023-0187\",\n \"CVE-2023-0188\",\n \"CVE-2023-0189\",\n \"CVE-2023-0190\",\n \"CVE-2023-0191\",\n \"CVE-2023-0194\",\n \"CVE-2023-0195\",\n \"CVE-2023-0198\",\n \"CVE-2023-0199\"\n );\n\n script_name(english:\"GLSA-202310-02 : NVIDIA Drivers: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202310-02 (NVIDIA Drivers: Multiple Vulnerabilities)\n\n - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode\n layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy\n privileged APIs, which may lead to denial of service, escalation of privileges, and information\n disclosure. (CVE-2021-1052)\n\n - NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode\n layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may\n lead to denial of service. (CVE-2021-1053)\n\n - NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer\n (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU\n device-level isolation, which may lead to denial of service or information disclosure. (CVE-2021-1056)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer\n (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index\n or pointer that references a memory location after the end of the buffer, which may lead to data tampering\n or denial of service. (CVE-2021-1090)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver\n contains an assert() or similar statement that can be triggered by an attacker, which leads to an\n application exit or other behavior that is more severe than necessary, and may lead to denial of service\n or system crash. (CVE-2021-1093)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer\n (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service\n or information disclosure. (CVE-2021-1094)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer\n (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted\n pointer may lead to denial of service. (CVE-2021-1095)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where\n an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted\n shader, which may lead to code execution, denial of service, escalation of privileges, information\n disclosure, and data tampering. The scope of the impact may extend to other components. (CVE-2022-28181)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where\n an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and\n information disclosure. (CVE-2022-28183)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer\n (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-\n privileged registers, which may lead to denial of service, information disclosure, and data tampering.\n (CVE-2022-28184)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an\n unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data\n tampering. (CVE-2022-28185)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a\n local user with basic capabilities can cause improper input validation, which may lead to denial of\n service, escalation of privileges, data tampering, and limited information disclosure. (CVE-2022-31607)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file,\n where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code\n execution, denial of service, escalation of privileges, information disclosure, and data tampering.\n (CVE-2022-31608)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user\n with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-31615)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a\n local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of\n service. (CVE-2022-34666)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller\n size causes data to be lost in the conversion, which may lead to denial of service or information\n disclosure. (CVE-2022-34670)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.\n (CVE-2022-34673, CVE-2022-42255)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a\n helper function maps more physical pages than were requested, which may lead to undefined behavior or an\n information leak. (CVE-2022-34674)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n out-of-bounds read may lead to denial of service, information disclosure, or data tampering.\n (CVE-2022-34676)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or\n data tampering. (CVE-2022-34677)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where\n an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-34678)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-34679)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n integer truncation can lead to an out-of-bounds read, which may lead to denial of service.\n (CVE-2022-34680)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an\n unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.\n (CVE-2022-34682)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an off-by-one error may lead to data tampering or information disclosure. (CVE-2022-34684)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.\n (CVE-2022-42254)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an integer overflow in index validation may lead to denial of service, information disclosure, or data\n tampering. (CVE-2022-42256)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an integer overflow may lead to information disclosure, data tampering or denial of service.\n (CVE-2022-42257)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an integer overflow may lead to denial of service, data tampering, or information disclosure.\n (CVE-2022-42258)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an integer overflow may lead to denial of service. (CVE-2022-42259)\n\n - NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where\n an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code\n execution, denial of service, escalation of privileges, information disclosure, or data tampering.\n (CVE-2022-42260)\n\n - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input\n index is not validated, which may lead to buffer overrun, which in turn may cause data tampering,\n information disclosure, or denial of service. (CVE-2022-42261)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an\n Integer overflow may lead to denial of service or information disclosure. (CVE-2022-42263)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an\n unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data\n tampering, data loss, information disclosure, or denial of service. (CVE-2022-42264)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where\n an integer overflow may lead to information disclosure or data tampering. (CVE-2022-42265)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may\n lead to denial of service or information disclosure. (CVE-2023-0180)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler,\n where memory permissions are not correctly checked, which may lead to denial of service and data\n tampering. (CVE-2023-0181)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-\n bounds write can lead to denial of service and data tampering. (CVE-2023-0183)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler\n which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.\n (CVE-2023-0184)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign\n conversion issuescasting an unsigned primitive to signed may lead to denial of service or information\n disclosure. (CVE-2023-0185)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler,\n where an out-of-bounds read can lead to denial of service. (CVE-2023-0187)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler,\n where an unprivileged user can cause improper restriction of operations within the bounds of a memory\n buffer cause an out-of-bounds read, which may lead to denial of service. (CVE-2023-0188)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may\n lead to code execution, denial of service, escalation of privileges, information disclosure, and data\n tampering. (CVE-2023-0189)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL\n pointer dereference may lead to denial of service. (CVE-2023-0190)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler,\n where an out-of-bounds access may lead to denial of service or data tampering. (CVE-2023-0191)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver,\n where an invalid display configuration may lead to denial of service. (CVE-2023-0194)\n\n - NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver\n nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant\n data such as local variable data of the driver (CVE-2023-0195)\n\n - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper\n restriction of operations within the bounds of a memory buffer can lead to denial of service, information\n disclosure, and data tampering. (CVE-2023-0198)\n\n - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler,\n where an out-of-bounds write can lead to denial of service and data tampering. (CVE-2023-0199)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202310-02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=764512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=784596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=803389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=881341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=884045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=903614\");\n script_set_attribute(attribute:\"solution\", value:\n\"All NVIDIA Drivers 470 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=x11-drivers/nvidia-drivers-470.182.03:0/470\n \nAll NVIDIA Drivers 515 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=x11-drivers/nvidia-drivers-515.105.01:0/515\n \nAll NVIDIA Drivers 525 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=x11-drivers/nvidia-drivers-525.105.17:0/525\n \nAll NVIDIA Drivers 530 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=x11-drivers/nvidia-drivers-530.41.03:0/530\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1052\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-28181\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/10/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nvidia-drivers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'x11-drivers/nvidia-drivers',\n 'unaffected' : make_list(\"ge 470.182.03\", \"lt 470.0.0\"),\n 'vulnerable' : make_list(\"lt 470.182.03\")\n },\n {\n 'name' : 'x11-drivers/nvidia-drivers',\n 'unaffected' : make_list(\"ge 515.105.01\", \"lt 515.0.0\"),\n 'vulnerable' : make_list(\"lt 515.105.01\")\n },\n {\n 'name' : 'x11-drivers/nvidia-drivers',\n 'unaffected' : make_list(\"ge 525.105.17\", \"lt 525.0.0\"),\n 'vulnerable' : make_list(\"lt 525.105.17\")\n },\n {\n 'name' : 'x11-drivers/nvidia-drivers',\n 'unaffected' : make_list(\"ge 530.41.03\", \"lt 530.0.0\"),\n 'vulnerable' : make_list(\"lt 530.41.03\")\n }\n];\n\nforeach var package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'NVIDIA Drivers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "nvidia": [{"lastseen": "2023-12-03T16:54:19", "description": "NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.\n\nTo protect your system, download and install this software update through the [NVIDIA Driver Downloads](<https://www.nvidia.com/Download/index.aspx>) page or, for the vGPU software and NVIDIA Cloud Gaming updates, through the NVIDIA Licensing Portal.\n\nGo to [NVIDIA Product Security](<https://www.nvidia.com/security/>).\n\n### Details\n\nThis section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use [CWE\u2122](<https://cwe.mitre.org/>), and base scores and vectors use [CVSS v3.1](<https://www.first.org/cvss/user-guide>) standards.\n\n#### NVIDIA GPU Driver\n\n**CVE ID** | **Description** | **Base Score** | **CWE and Vector** \n---|---|---|--- \nCVE\u20112022\u201134669 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 8.8 | [CWE: 73](<https://cwe.mitre.org/data/definitions/73.html>) \n[AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H>) \nCVE\u20112022\u201134671 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 8.5 | [CWE: 787](<https://cwe.mitre.org/data/definitions/787.html>) \n[AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H>) \nCVE\u20112022\u201134672 | NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands. | 7.8 | [CWE: 284](<https://cwe.mitre.org/data/definitions/284.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>) \nCVE\u20112022\u201134670 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. | 7.8 | [CWE: 197](<https://cwe.mitre.org/data/definitions/197.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>) \nCVE\u20112022\u201142267 | NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 7.8 | [CWE-345](<https://cwe.mitre.org/data/definitions/345.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>) \nCVE\u20112022\u201142263 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. | 7.1 | [CWE: 190](<https://cwe.mitre.org/data/definitions/190.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H>) \nCVE\u20112022\u201134676 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. | 7.1 | [CWE-197](<https://cwe.mitre.org/data/definitions/197.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>) \nCVE\u20112022\u201142264 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service. | 7.1 | [CWE-823](<https://cwe.mitre.org/data/definitions/823.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N>) \nCVE\u20112022\u201134674 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | 6.8 | [CWE: 200](<https://cwe.mitre.org/data/definitions/200.html>) \n[AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N>) \nCVE\u20112022\u201134678 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service. | 6.5 | [CWE: 476](<https://cwe.mitre.org/data/definitions/476.html>) \n[AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) \nCVE\u20112022\u201134679 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. | 5.5 | [CWE: 476](<https://cwe.mitre.org/data/definitions/476.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) \nCVE\u20112022\u201134680 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | 5.5 | [CWE: 197](<https://cwe.mitre.org/data/definitions/197.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) \nCVE\u20112022\u201134677 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering. | 5.5 | [CWE-125](<https://cwe.mitre.org/data/definitions/125.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>) \nCVE\u20112022\u201134681 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (`nvlddmkm.sys`) handler, where improper input validation of a display-related data structure may lead to denial of service. | 5.5 | [CWE: 20](<https://cwe.mitre.org/data/definitions/20.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) \nCVE\u20112022\u201134682 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service. | 5.5 | [CWE: 476](<https://cwe.mitre.org/data/definitions/476.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) \nCVE\u20112022\u201134683 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (`nvlddmkm.sys`) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service. | 5.5 | [CWE: 476](<https://cwe.mitre.org/data/definitions/476.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) \nCVE\u20112022\u201142266 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (`nvlddmkm.sys`) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure. | 5.5 | [CWE: 200](<https://cwe.mitre.org/data/definitions/200.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>) \nCVE\u20112022\u201142257 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an integer overflow may lead to information disclosure, data tampering or denial of service. | 5.3 | [CWE-190](<https://cwe.mitre.org/data/definitions/190.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L>) \nCVE\u20112022\u201142265 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an integer overflow may lead to information disclosure or data tampering. | 5.3 | [CWE-190](<https://cwe.mitre.org/data/definitions/190.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L>) \nCVE\u20112022\u201134684 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an off-by-one error may lead to data tampering or information disclosure. | 5.3 | [CWE: 125](<https://cwe.mitre.org/data/definitions/125.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L>) \nCVE\u20112022\u201142254 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure. | 5.3 | [CWE: 125](<https://cwe.mitre.org/data/definitions/125.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L>) \nCVE\u20112022\u201142258 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | 5.3 | [CWE-190](<https://cwe.mitre.org/data/definitions/190.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L>) \nCVE\u20112022\u201142255 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | 5.3 | [CWE: 787](<https://cwe.mitre.org/data/definitions/787.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L>) \nCVE\u20112022\u201142256 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering. | 5.3 | [CWE: 190](<https://cwe.mitre.org/data/definitions/190.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L>) \nCVE\u20112022\u201134673 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | 4.4 | [CWE-190](<https://cwe.mitre.org/data/definitions/190.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L>) \nCVE\u20112022\u201142259 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (`nvidia.ko`), where an integer overflow may lead to denial of service. | 4.4 | [CWE: 190](<https://cwe.mitre.org/data/definitions/190.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L>) \n \n#### NVIDIA vGPU Software\n\n**CVE ID** | **Description** | **Base Score** | **CWE and Vector** \n---|---|---|--- \nCVE\u20112022\u201142260 | NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 7.8 | [CWE: 281](<https://cwe.mitre.org/data/definitions/281.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>) \nCVE\u20112022\u201142261 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. | 7.8 | [CWE: 120](<https://cwe.mitre.org/data/definitions/120.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>) \nCVE\u20112022\u201142262 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. | 7.1 | [CWE: 787](<https://cwe.mitre.org/data/definitions/787.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H>) \nCVE\u20112022\u201134675 | NVIDIA Display Driver for Linux contains a vulnerability in the Virtual GPU Manager, where it does not check the return value from a null-pointer dereference, which may lead to denial of service. | 5.5 | [CWE-476](<https://cwe.mitre.org/data/definitions/476.html>) \n[AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) \n \nThe NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.\n\n### Security Updates for NVIDIA GPU Display Driver\n\n#### CVE IDs Addressed in Each Windows Driver Branch\n\nThe following table lists the CVE IDs addressed by the update in each Windows driver branch.\n\n**Windows Driver Branch ** | **CVE IDs Addressed** \n---|--- \nR525, R515, R450 | CVE\u20112022\u201142266, CVE\u20112022\u201142267, CVE\u20112022\u201134669, CVE\u20112022\u201134671, CVE\u20112022\u201134672, CVE\u20112022\u201134681, CVE\u20112022\u201134683 \nR510, R470 | CVE\u20112022\u201142266, CVE\u20112022\u201142267, CVE\u20112022\u201134669, CVE\u20112022\u201134671, CVE\u20112022\u201134672, CVE\u20112022\u201134678, CVE\u20112022\u201134681, CVE\u20112022\u201134683 \n \n#### Security Updates for NVIDIA GPU Windows Display Driver\n\nThe following table lists the NVIDIA software products affected, Windows driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the [NVIDIA Driver Downloads](<https://www.nvidia.com/Download/index.aspx>) page.\n\n**Software Product** | **Operating System** | **Driver Branch** | **Affected Driver Versions** | **Updated Driver Version** \n---|---|---|---|--- \nGeForce | Windows | R525 | All driver versions prior to 526.98 | 526.98 \nWindows 10 and 11 | R470 | All drivers versions prior to 474.14 for support of [GeForce Kepler desktop](<https://nvidia.custhelp.com/app/answers/detail/a_id/5202/kw/kepler%20desktop>) | 474.14 \nWindows 7 and 8._x_ | R470 | All driver versions prior to 474.11 | 474.11 \nStudio | Windows | R525 | All driver versions prior to 526.98 | 526.98 \nNVIDIA RTX, Quadro, NVS | Windows | R525 | All driver versions prior to 527.27 | 527.27 \nR515 | All driver versions prior to 517.88 | 517.88 \nR510 | All driver versions prior to 514.08 | 514.08 \nR470 | All driver versions prior to 474.14 | 474.14 \nTesla | Windows | R525 | All driver versions prior to 527.41 | 527.41 \nR515 | All driver versions prior to 517.88 | 517.88 \nR510 | All driver versions prior to 514.08 | 514.08 \nR470 | All driver versions prior to 474.14 | 474.14 \nR450 | All driver versions prior to 454.02 | 454.02 \n \n#### CVE IDs Addressed in Each Linux Driver Branch\n\n**Linux Driver Branch ** | **CVE IDs Addressed** \n---|--- \nR515 | CVE\u20112022\u201134670, CVE\u20112022\u201134673, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134679, CVE\u20112022\u201134680, CVE\u20112022\u201134682, CVE\u20112022\u201134684, CVE\u20112022\u201142254, CVE\u20112022\u201142255, CVE\u20112022\u201142256, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259, CVE\u20112022\u201142263, CVE\u20112022\u201142264, CVE\u20112022\u201142265 \nR510 | CVE\u20112022\u201134670, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134679, CVE\u20112022\u201134680, CVE\u20112022\u201134682, CVE\u20112022\u201134684, CVE\u20112022\u201142254, CVE\u20112022\u201142255, CVE\u20112022\u201142256, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259, CVE\u20112022\u201142260, CVE\u20112022\u201142261, CVE\u20112022\u201142262, CVE\u20112022\u201142263, CVE\u20112022\u201142264 \nR470 | CVE\u20112022\u201134670, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134679, CVE\u20112022\u201134680, CVE\u20112022\u201134682, CVE\u20112022\u201142254, CVE\u20112022\u201142255, CVE\u20112022\u201142256, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259, CVE\u20112022\u201142260, CVE\u20112022\u201142261, CVE\u20112022\u201142262, CVE\u20112022\u201142263, CVE\u20112022\u201142264 \nR450 | CVE\u20112022\u201134670, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134679, CVE\u20112022\u201134680, CVE\u20112022\u201134682, CVE\u20112022\u201142254, CVE\u20112022\u201142256, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259, CVE\u20112022\u201142260, CVE\u20112022\u201142261, CVE\u20112022\u201142262, CVE\u20112022\u201142263, CVE\u20112022\u201142264 \nR390 | CVE\u20112022\u201134670, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134680, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259 \n \n#### Security Updates for NVIDIA GPU Linux Display Driver\n\nThe following table lists the NVIDIA software products affected, Linux driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the [NVIDIA Driver Downloads](<https://www.nvidia.com/Download/index.aspx>) page.\n\n**Software Product** | **Operating System** | **Driver Branch** | **Affected Driver Versions** | **Updated Driver Version** \n---|---|---|---|--- \nGeForce | Linux | R525 | All driver versions prior to 525.60.11 | 525.60.11 \nR515 | All driver versions prior to 515.86.01 | 515.86.01 \nR510 | All driver versions prior to 510.108.03 | 510.108.03 \nR470 | All driver versions prior to 470.161.03 | 470.161.03 \nR390 | All driver versions prior to 390.157 | 390.157 \nNVIDIA RTX, Quadro, NVS | Linux | R525 | All driver versions prior to 525.60.11 | 525.60.11 \nR515 | All driver versions prior to 515.86.01 | 515.86.01 \nR510 | All driver versions prior to 510.108.03 | 510.108.03 \nR470 | All driver versions prior to 470.161.03 | 470.161.03 \nR390 | All driver versions prior to 390.157 | 390.157 \nTesla | Linux | R525 | All driver versions prior to 525.60.13 | 525.60.13 \nR515 | All driver versions prior to 515.86.01 | 515.86.01 \nR510 | All driver versions prior to 510.108.03 | 510.108.03 \nR470 | All driver versions prior to 470.161.03 | 470.161.03 \nR450 | All driver versions prior to 450.216.04 | 450.216.04 \n \n**Notes: **\n\n * Your computer hardware vendor may provide you with Windows GPU display driver versions including 526.56, 522.35, 517.66, and 474.04, which also contain the security updates. \n * The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.\n * Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.\n\n### Security Updates for NVIDIA vGPU Software\n\n#### CVE IDs Addressed in Each vGPU Driver Branch\n\nThe following table lists the CVE IDs addressed by the update in each Windows driver branch.\n\n**Windows Driver Branch** | **CVE IDs Addressed** \n---|--- \nR525 | CVE\u20112022\u201142266, CVE\u20112022\u201142267, CVE\u20112022\u201134669, CVE\u20112022\u201134681, CVE\u20112022\u201134683, CVE\u20112022\u201134672 \nR510, R470, R450 | CVE\u20112022\u201142266, CVE\u20112022\u201134669, CVE\u20112022\u201134681, CVE\u20112022\u201134683, CVE\u20112022\u201134672 \n \nThe following table lists the CVE IDs addressed by the update in each Linux driver branch.\n\n**Linux Driver Branch** | **CVE IDs Addressed** \n---|--- \nR510 | CVE\u20112022\u201134670, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134679, CVE\u20112022\u201134680, CVE\u20112022\u201134682, CVE\u20112022\u201134684, CVE\u20112022\u201142254, CVE\u20112022\u201142255, CVE\u20112022\u201142256, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259, CVE\u20112022\u201142260, CVE\u20112022\u201142261, CVE\u20112022\u201142262, CVE\u20112022\u201142263, CVE\u20112022\u201142264 \nR470 | CVE\u20112022\u201134670, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134679, CVE\u20112022\u201134680, CVE\u20112022\u201134682, CVE\u20112022\u201142254, CVE\u20112022\u201142255, CVE\u20112022\u201142256, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259, CVE\u20112022\u201142260, CVE\u20112022\u201142261, CVE\u20112022\u201142262, CVE\u20112022\u201142263, CVE\u20112022\u201142264 \nR450 | CVE\u20112022\u201134670, CVE\u20112022\u201134674, CVE\u20112022\u201134675, CVE\u20112022\u201134677, CVE\u20112022\u201134679, CVE\u20112022\u201134680, CVE\u20112022\u201134682, CVE\u20112022\u201142254, CVE\u20112022\u201142256, CVE\u20112022\u201142257, CVE\u20112022\u201142258, CVE\u20112022\u201142259, CVE\u20112022\u201142260, CVE\u20112022\u201142261, CVE\u20112022\u201142262, CVE\u20112022\u201142263, CVE\u20112022\u201142264 \n \n#### Affected Products, Affected Versions, and Updated Versions\n\nThe following table lists NVIDIA software products affected, versions affected, and the updated version that includes this security update.\n\n**CVE IDs Addressed** | **Software Product** | **Operating System** | **Affected Versions** | **Updated Version** \n---|---|---|---|--- \n**vGPU Software** | **Driver** | **vGPU Software ** | **Driver ** \nCVE\u20112022\u201134669 \nCVE\u20112022\u201134681 \nCVE\u20112022\u201134683 \nCVE\u20112022\u201142266 \nCVE\u20112022\u201142267 \nCVE\u20112022\u201134678 \nCVE\u20112022\u201134672 | vGPU software (guest driver) | Windows | All versions prior to and including 14.3 | 513.91 | 14.4 | 514.08 \nAll versions prior to and including 13.5 | 474.04 | 13.6 | 474.14 \nAll versions prior to and including 11.10 | 453.94 | 11.11 | 454.02 \nCVE\u20112022\u201134670 \nCVE\u20112022\u201142263 \nCVE\u20112022\u201134674 \nCVE\u20112022\u201134677 \nCVE\u20112022\u201142264 \nCVE\u20112022\u201134679 \nCVE\u20112022\u201134680 \nCVE\u20112022\u201134682 \nCVE\u20112022\u201134676 \nCVE\u20112022\u201134684 \nCVE\u20112022\u201142254 \nCVE\u20112022\u201142255 \nCVE\u20112022\u201142256 \nCVE\u20112022\u201142257 \nCVE\u20112022\u201142258 \nCVE\u20112022\u201142259 \nCVE\u20112022\u201142260 \nCVE\u20112022\u201134678 | vGPU software (guest driver) | Linux | All versions prior to and including 14.3 | 510.85.02 | 14.4 | 510.108.03 \nAll versions prior to and including 13.5 | 470.141.03 | 13.6 | 470.161.03 \nAll versions prior to and including 11.10 | 450.203.02 | 11.11 | 450.216.04 \n \nCVE\u20112022\u201134670 \nCVE\u20112022\u201142263 \nCVE\u20112022\u201134674 \nCVE\u20112022\u201134677 \nCVE\u20112022\u201142264 \nCVE\u20112022\u201134679 \nCVE\u20112022\u201134680 \nCVE\u20112022\u201134682 \nCVE\u20112022\u201134676 \nCVE\u20112022\u201134684 \nCVE\u20112022\u201142254 \nCVE\u20112022\u201142255 \nCVE\u20112022\u201142256 \nCVE\u20112022\u201142257 \nCVE\u20112022\u201142258 \nCVE\u20112022\u201142259 \nCVE\u20112022\u201142261 \nCVE\u20112022\u201142262 \nCVE\u20112022\u201134675 \nCVE\u20112022\u201134678 | vGPU software (Virtual GPU Manager) | \nCitrix Hypervisor, \nVMware vSphere, \nRed Hat Enterprise Linux KVM | All versions prior to and including 14.3 | 510.85.03 | 14.4 | 510.108.03 \nAll versions prior to and including 13.5 | 470.141.05 | 13.6 | 470.161.02 \nAll versions prior to and including 11.10 | 450.203 | 11.11 | 450.216.04 \n \n**Notes:**\n\n * The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.\n * Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.\n\n### Security Updates for NVIDIA Cloud Gaming\n\nThe following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.\n\n**CVE IDs Addressed** | **Software Product** | **Operating System** | **Affected Versions** | **Updated Version** \n---|---|---|---|--- \n**Cloud Gaming Software** | **Driver** | **Cloud Gaming Software ** | **Driver ** \nCVE\u20112022\u201134669 \nCVE\u20112022\u201134681 \nCVE\u20112022\u201134683 \nCVE\u20112022\u201142266 \nCVE\u20112022\u201134678 \nCVE\u20112022\u201134672 | NVIDIA Cloud Gaming (guest driver) | Windows | All versions prior to the November 2022 release | All versions prior to 522.25 | November 2022 release | 527.27 \nCVE\u20112022\u201134670 \nCVE\u20112022\u201134674 \nCVE\u20112022\u201134676 \nCVE\u20112022\u201134677 \nCVE\u20112022\u201134678 \nCVE\u20112022\u201134679 \nCVE\u20112022\u201134680 \nCVE\u20112022\u201134682 \nCVE\u20112022\u201134684 \nCVE\u20112022\u201142254 \nCVE\u20112022\u201142255 \nCVE\u20112022\u201142256 \nCVE\u20112022\u201142257 \nCVE\u20112022\u201142258 \nCVE\u20112022\u201142259 \nCVE\u20112022\u201142260 \nCVE\u20112022\u201142263 \nCVE\u20112022\u201142264 | NVIDIA Cloud Gaming (guest driver) | Linux | All versions prior to the November 2022 release | All versions prior to 520.56.06 | November 2022 release | 525.60.11 \nCVE\u20112022\u201134670 \nCVE\u20112022\u201134674 \nCVE\u20112022\u201134675 \nCVE\u20112022\u201134676 \nCVE\u20112022\u201134677 \nCVE\u20112022\u201134678 \nCVE\u20112022\u201134679 \nCVE\u20112022\u201134680 \nCVE\u20112022\u201134682 \nCVE\u20112022\u201134684 \nCVE\u20112022\u201142254 \nCVE\u20112022\u201142255 \nCVE\u20112022\u201142256 \nCVE\u20112022\u201142257 \nCVE\u20112022\u201142258 \nCVE\u20112022\u201142259 \nCVE\u20112022\u201142261 \nCVE\u20112022\u201142262 \nCVE\u20112022\u201142263 \nCVE\u20112022\u201142264 | NVIDIA Cloud Gaming (Virtual GPU Manager) | Citrix Hypervisor, \nRed Hat Enterprise Linux KVM | All versions prior to the November 2022 release | All versions prior to 520.56.06 | November 2022 release | 525.60.12 \n \n### Acknowledgements\n\nNVIDIA thanks the following people for reporting the issues to us:\n\n * CVE\u20112022\u201134669 - Daniel Santos (@bananabr)\n * CVE\u20112022\u201134671 - Piotr Bania - Cisco Talos\n * CVE\u20112022\u201134682 - Tal Lossos\n * CVE\u20112022\u201134683 and CVE\u20112022\u201142266 - Wei Lei and Sergey Kornienko (@b1thvn_) of PixiePoint Security\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-29T00:00:00", "type": "nvidia", "title": "Security Bulletin: NVIDIA GPU Display Driver - November 2022", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34670", "CVE-2022-34671", "CVE-2022-34672", "CVE-2022-34673", "CVE-2022-34674", "CVE-2022-34675", "CVE-2022-34676", "CVE-2022-34677", "CVE-2022-34678", "CVE-2022-34679", "CVE-2022-34680", "CVE-2022-34681", "CVE-2022-34682", "CVE-2022-34683", "CVE-2022-34684", "CVE-2022-42254", "CVE-2022-42255", "CVE-2022-42256", "CVE-2022-42257", "CVE-2022-42258", "CVE-2022-42259", "CVE-2022-42260", "CVE-2022-42261", "CVE-2022-42262", "CVE-2022-42263", "CVE-2022-42264", "CVE-2022-42265", "CVE-2022-42266", "CVE-2022-42267"], "modified": "2022-12-20T00:00:00", "id": "NVIDIA:5415", "href": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-03T17:33:41", "description": "### Background\n\nNVIDIA Drivers are NVIDIA's accelerated graphics driver.\n\n### Description\n\nMultiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NVIDIA Drivers 470 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-drivers/nvidia-drivers-470.182.03:0/470\"\n \n\nAll NVIDIA Drivers 515 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-drivers/nvidia-drivers-515.105.01:0/515\"\n \n\nAll NVIDIA Drivers 525 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-drivers/nvidia-drivers-525.105.17:0/525\"\n \n\nAll NVIDIA Drivers 530 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-drivers/nvidia-drivers-530.41.03:0/530\"", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-10-03T00:00:00", "type": "gentoo", "title": "NVIDIA Drivers: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1052", "CVE-2021-1053", "CVE-2021-1056", "CVE-2021-1090", "CVE-2021-1093", "CVE-2021-1094", "CVE-2021-1095", "CVE-2022-28181", "CVE-2022-28183", "CVE-2022-28184", "CVE-2022-28185", "CVE-2022-31607", "CVE-2022-31608", "CVE-2022-31615", "CVE-2022-34666", "CVE-2022-34670", "CVE-2022-34673", "CVE-2022-34674", "CVE-2022-34676", "CVE-2022-34677", "CVE-2022-34678", "CVE-2022-34679", "CVE-2022-34680", "CVE-2022-34682", "CVE-2022-34684", "CVE-2022-42254", "CVE-2022-42255", "CVE-2022-42256", "CVE-2022-42257", "CVE-2022-42258", "CVE-2022-42259", "CVE-2022-42260", "CVE-2022-42261", "CVE-2022-42263", "CVE-2022-42264", "CVE-2022-42265", "CVE-2023-0180", "CVE-2023-0181", "CVE-2023-0183", "CVE-2023-0184", "CVE-2023-0185", "CVE-2023-0187", "CVE-2023-0188", "CVE-2023-0189", "CVE-2023-0190", "CVE-2023-0191", "CVE-2023-0194", "CVE-2023-0195", "CVE-2023-0198", "CVE-2023-0199"], "modified": "2023-10-03T00:00:00", "id": "GLSA-202310-02", "href": "https://security.gentoo.org/glsa/202310-02", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}