CVE-2022-34680 : NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.

Published 2022-12-30 23:15:10

Updated 2025-04-10 19:15:48

Source NVIDIA Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-34680

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 510 and before (<) 510.108.03
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 470 and before (<) 470.161.03
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 515 and before (<) 515.86.01
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 525 and before (<) 525.60.11
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 390 and before (<) 390.157
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Geforce » Version: N/A
When used together with: Nvidia » NVS » Version: N/A
When used together with: Nvidia » Quadro » Version: N/A
When used together with: Nvidia » RTX » Version: N/A
Nvidia » Gpu Display Driver » For Linux
Versions from including (>=) 450 and before (<) 450.216.04
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Nvidia » Tesla » Version: N/A
Nvidia » Virtual Gpu
Versions from including (>=) 12.0 and before (<) 13.6
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Virtual Gpu
Versions from including (>=) 14.0 and before (<) 14.4
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Virtual Gpu
Versions before (<) 11.11
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A
When used together with: Vmware » Vsphere » Version: N/A
Nvidia » Cloud Gaming
Versions before (<) 525.60.11
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Cloud Gaming
Versions before (<) 525.60.12
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
Matching versions
When used together with: Citrix » Hypervisor » Version: N/A
When used together with: Redhat » Enterprise Linux Kernel-based Virtual Machine » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-34680

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-34680

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NVIDIA Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-34680

CWE-197 Numeric Truncation Error

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Primary)
- psirt@nvidia.com (Primary)
CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2022-34680

https://security.gentoo.org/glsa/202310-02

NVIDIA Drivers: Multiple Vulnerabilities (GLSA 202310-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html

[SECURITY] [DLA 3418-1] nvidia-graphics-drivers-legacy-390xx security update
Mailing List

CVEs referencing this url
https://nvidia.custhelp.com/app/answers/detail/a_id/5415

Security Bulletin: NVIDIA GPU Display Driver - November 2022 | NVIDIA
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-34680

Products affected by CVE-2022-34680

Exploit prediction scoring system (EPSS) score for CVE-2022-34680

CVSS scores for CVE-2022-34680

CWE ids for CVE-2022-34680

References for CVE-2022-34680