CVE-2022-42261

EPSS 0.1%
Veröffentlicht 30.12.2022 23:15:11
Zuletzt bearbeitet 21.11.2024 07:24:36
Quelle psirt@nvidia.com
Teams Watchlist Login
Unerledigt Login

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nvidia ≫ Virtual Gpu Version < 11.11

   Citrix ≫ Hypervisor Version-
   Linux ≫ Linux Kernel Version-
   Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
   VMware ≫ Vsphere Version-

Nvidia ≫ Virtual Gpu Version >= 12.0 < 13.6

   Citrix ≫ Hypervisor Version-
   Linux ≫ Linux Kernel Version-
   Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
   VMware ≫ Vsphere Version-

Nvidia ≫ Virtual Gpu Version >= 14.0 < 14.4

   Citrix ≫ Hypervisor Version-
   Linux ≫ Linux Kernel Version-
   Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-
   VMware ≫ Vsphere Version-

Nvidia ≫ Cloud Gaming Version < 525.60.12

Citrix ≫ Hypervisor Version-
Redhat ≫ Enterprise Linux Kernel-based Virtual Machine Version-

Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 470 < 470.161.03

   Nvidia ≫ Geforce Version-
   Nvidia ≫ Nvs Version-
   Nvidia ≫ Quadro Version-
   Nvidia ≫ Rtx Version-

Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 510 < 510.108.03

   Nvidia ≫ Geforce Version-
   Nvidia ≫ Nvs Version-
   Nvidia ≫ Quadro Version-
   Nvidia ≫ Rtx Version-

Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 450 < 450.216.04

Nvidia ≫ Tesla Version-

Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 470 < 470.161.03

Nvidia ≫ Tesla Version-

Nvidia ≫ Gpu Display Driver SwPlatformlinux Version >= 510 < 510.108.03

Nvidia ≫ Tesla Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.289

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@nvidia.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://security.gentoo.org/glsa/202310-02

Third Party Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-42261

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42261

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42261

EUVD