CVE-2022-34670
First published: Fri Dec 30 2022(Updated: )
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
Credit: psirt@nvidia.com psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA GPU Display Driver Linux | >=390<390.157 | |
| NVIDIA GPU Display Driver Linux | >=470<470.161.03 | |
| NVIDIA GPU Display Driver Linux | >=510<510.108.03 | |
| NVIDIA GPU Display Driver Linux | >=515<515.86.01 | |
| NVIDIA GPU Display Driver Linux | >=525<525.60.11 | |
| NVIDIA GeForce | ||
| NVIDIA NVS Firmware | ||
| NVIDIA Quadro | ||
| NVIDIA RTX | ||
| NVIDIA GPU Display Driver Linux | >=450<450.216.04 | |
| NVIDIA tesla | ||
| NVIDIA vGPU Software | <11.11 | |
| NVIDIA vGPU Software | >=12.0<13.6 | |
| NVIDIA vGPU Software | >=14.0<14.4 | |
| Citrix Hypervisor | ||
| Linux Kernel | ||
| Red Hat Enterprise Linux Kernel-based Virtual Machine | ||
| VMware vSphere | ||
| NVIDIA Cloud Gaming | <525.60.11 | |
| NVIDIA Cloud Gaming | <525.60.12 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this NVIDIA GPU Display Driver for Linux vulnerability?
The vulnerability ID is CVE-2022-34670.
What is the severity rating of CVE-2022-34670?
The severity rating of CVE-2022-34670 is 7.8 (high).
What is the affected software for CVE-2022-34670?
The affected software is the NVIDIA GPU Display Driver for Linux.
How can an unprivileged regular user exploit CVE-2022-34670?
An unprivileged regular user can exploit CVE-2022-34670 by causing truncation errors when casting a primitive to a primitive of smaller size, resulting in data loss and potential denial of service or information disclosure.
Where can I find more information about CVE-2022-34670?
You can find more information about CVE-2022-34670 at the following references: [link 1](https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html), [link 2](https://nvidia.custhelp.com/app/answers/detail/a_id/5415), [link 3](https://security.gentoo.org/glsa/202310-02).
- agent/author
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/nvidia
- canonical/nvidia gpu display driver linux
- version/nvidia gpu display driver linux/390
- version/nvidia gpu display driver linux/470
- version/nvidia gpu display driver linux/510
- version/nvidia gpu display driver linux/515
- version/nvidia gpu display driver linux/525
- canonical/nvidia geforce
- canonical/nvidia nvs firmware
- canonical/nvidia quadro
- canonical/nvidia rtx
- version/nvidia gpu display driver linux/450
- canonical/nvidia tesla
- canonical/nvidia vgpu software
- version/nvidia vgpu software/12.0
- version/nvidia vgpu software/14.0
- vendor/citrix
- canonical/citrix hypervisor
- vendor/linux
- canonical/linux kernel
- vendor/redhat
- canonical/red hat enterprise linux kernel-based virtual machine
- vendor/vmware
- canonical/vmware vsphere
- canonical/nvidia cloud gaming
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0