7.8

CVE-2022-42255

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

Data is provided by the National Vulnerability Database (NVD)
NvidiaVirtual Gpu Version < 11.11
   CitrixHypervisor Version-
   LinuxLinux Kernel Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 12.0 < 13.6
   CitrixHypervisor Version-
   LinuxLinux Kernel Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaVirtual Gpu Version >= 14.0 < 14.4
   CitrixHypervisor Version-
   LinuxLinux Kernel Version-
   RedhatEnterprise Linux Kernel-based Virtual Machine Version-
   VMwareVsphere Version-
NvidiaCloud Gaming Version < 525.60.11
   LinuxLinux Kernel Version-
NvidiaCloud Gaming Version < 525.60.12
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.133
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@nvidia.com 5.3 1.8 3.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.