7.8
CVE-2022-34670
- EPSS 0.1%
- Published 30.12.2022 23:15:09
- Last modified 21.11.2024 07:09:56
- Source psirt@nvidia.com
- Teams watchlist Login
- Open Login
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
Data is provided by the National Vulnerability Database (NVD)
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 390 < 390.157
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 470 < 470.161.03
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 510 < 510.108.03
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 515 < 515.86.01
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 525 < 525.60.11
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 450 < 450.216.04
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 470 < 470.161.03
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 510 < 510.108.03
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 515 < 515.86.01
Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 525 < 525.60.11
Nvidia ≫ Virtual Gpu Version < 11.11
Citrix ≫ Hypervisor Version-
Linux ≫ Linux Kernel Version-
Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
VMware ≫ Vsphere Version-
Linux ≫ Linux Kernel Version-
Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
VMware ≫ Vsphere Version-
Nvidia ≫ Virtual Gpu Version >= 12.0 < 13.6
Citrix ≫ Hypervisor Version-
Linux ≫ Linux Kernel Version-
Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
VMware ≫ Vsphere Version-
Linux ≫ Linux Kernel Version-
Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
VMware ≫ Vsphere Version-
Nvidia ≫ Virtual Gpu Version >= 14.0 < 14.4
Citrix ≫ Hypervisor Version-
Linux ≫ Linux Kernel Version-
Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
VMware ≫ Vsphere Version-
Linux ≫ Linux Kernel Version-
Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
VMware ≫ Vsphere Version-
Nvidia ≫ Cloud Gaming Version < 525.60.11
Nvidia ≫ Cloud Gaming Version < 525.60.12
Debian ≫ Debian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.276 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@nvidia.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-197 Numeric Truncation Error
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
CWE-681 Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.