Vulnerability Details : CVE-2022-28192
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.
Vulnerability category: Memory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2022-28192
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 7 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-28192
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
1.9
|
LOW | AV:L/AC:M/Au:N/C:N/I:N/A:P |
3.4
|
2.9
|
nvd@nist.gov |
|
4.1
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
0.5
|
3.6
|
psirt@nvidia.com |
CWE ids for CVE-2022-28192
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by:
- nvd@nist.gov (Primary)
- psirt@nvidia.com (Secondary)
References for CVE-2022-28192
-
https://nvidia.custhelp.com/app/answers/detail/a_id/5353
Security Bulletin: NVIDIA GPU Display Driver - May 2022 | NVIDIAPatch;Vendor Advisory
Products affected by CVE-2022-28192
- cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
- cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*