Vulnerability Details : CVE-2022-42263

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.

Vulnerability category: OverflowDenial of serviceInformation leak

Published 2022-12-30 23:15:11

Updated 2023-10-19 01:30:40

Source NVIDIA Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-42263

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 7 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-42263

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	1.8	5.2	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	1.8	5.2	psirt@nvidia.com
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2022-42263

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@nvidia.com (Secondary)

References for CVE-2022-42263

https://security.gentoo.org/glsa/202310-02

NVIDIA Drivers: Multiple Vulnerabilities (GLSA 202310-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://nvidia.custhelp.com/app/answers/detail/a_id/5415

Security Bulletin: NVIDIA GPU Display Driver - November 2022 | NVIDIA
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-42263

Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 510 and before (<) 510.108.03
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 470 and before (<) 470.161.03
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 515 and before (<) 515.86.01
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 450 and before (<) 450.216.04
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Tesla » Version: N/A
Nvidia » Virtual Gpu
Versions from including (>=) 12.0 and before (<) 13.6
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Virtual Gpu
Versions from including (>=) 14.0 and before (<) 14.4
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Virtual Gpu
Versions before (<) 11.11
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Cloud Gaming
Versions before (<) 525.60.11
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Cloud Gaming
Versions before (<) 525.60.12
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A