CVE-2022-34677 : NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.

Published 2022-12-30 23:15:10

Updated 2023-10-19 01:13:58

Source NVIDIA Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-34677

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 510 and before (<) 510.108.03
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 470 and before (<) 470.161.03
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 515 and before (<) 515.86.01
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 525 and before (<) 525.60.11
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 390 and before (<) 390.157
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 450 and before (<) 450.216.04
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Tesla » Version: N/A
Nvidia » Virtual Gpu
Versions from including (>=) 12.0 and before (<) 13.6
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Virtual Gpu
Versions from including (>=) 14.0 and before (<) 14.4
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Virtual Gpu
Versions before (<) 11.11
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Cloud Gaming
Versions before (<) 525.60.11
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Cloud Gaming
Versions before (<) 525.60.12
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-34677

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-34677

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NVIDIA Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-34677

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: psirt@nvidia.com (Secondary)
CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-34677

https://security.gentoo.org/glsa/202310-02

NVIDIA Drivers: Multiple Vulnerabilities (GLSA 202310-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html

[SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update
Mailing List

CVEs referencing this url
https://nvidia.custhelp.com/app/answers/detail/a_id/5415

Security Bulletin: NVIDIA GPU Display Driver - November 2022 | NVIDIA
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-34677

Products affected by CVE-2022-34677

Exploit prediction scoring system (EPSS) score for CVE-2022-34677

CVSS scores for CVE-2022-34677

CWE ids for CVE-2022-34677

References for CVE-2022-34677