Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-31608
HistoryAug 02, 2022 - 12:00 a.m.

CVE-2022-31608

2022-08-0200:00:00
ubuntu.com
ubuntu.com
23

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional
D-Bus configuration file, where a local user with basic capabilities can
impact protected D-Bus endpoints, which may lead to code execution, denial
of service, escalation of privileges, information disclosure, and data
tampering.

Bugs

Notes

Author Note
sbeattie the dbus endpoint configuration file is only installed as a documentation file (/usr/share/doc/nvidia-driver-*/nvidia-dbus.conf) in Ubuntu, so a user would have to manually put it in place to be affected.
mdeslaur some binary drivers are no longer support by NVidia, so they are marked as ignored here

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%