CVE-2022-21814 : NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel drive

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.

Published 2022-02-07 20:15:08

Updated 2023-10-13 01:51:57

Source NVIDIA Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-21814

Nvidia » Gpu Display Driver » Version: N/A
cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » RTX » Version: N/A
cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Geforce » Version: N/A
cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Tesla » Version: N/A
cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » NVS » Version: N/A
cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Nvidia » Quadro » Version: N/A
cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-21814

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-21814

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
6.1	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	1.8	4.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High
6.1	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	1.8	4.2	NVIDIA Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High

CWE ids for CVE-2022-21814

CWE-280 Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

Assigned by: psirt@nvidia.com (Secondary)
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-21814

https://security.gentoo.org/glsa/202310-02

NVIDIA Drivers: Multiple Vulnerabilities (GLSA 202310-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://nvidia.custhelp.com/app/answers/detail/a_id/5312

Security Bulletin: NVIDIA GPU Display Driver - February 2022 | NVIDIA
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-21814

Products affected by CVE-2022-21814

Exploit prediction scoring system (EPSS) score for CVE-2022-21814

CVSS scores for CVE-2022-21814

CWE ids for CVE-2022-21814

References for CVE-2022-21814