CVE-2022-42254: Out-of-bounds Read
First published: Fri Dec 30 2022(Updated: )
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.
Credit: psirt@nvidia.com psirt@nvidia.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA Virtual GPU | <11.11 | |
| NVIDIA Virtual GPU | >=12.0<13.6 | |
| NVIDIA Virtual GPU | >=14.0<14.4 | |
| Citrix Hypervisor | ||
| Linux Linux kernel | ||
| Redhat Enterprise Linux Kernel-based Virtual Machine | ||
| VMware vSphere | ||
| Nvidia Cloud Gaming | <525.60.11 | |
| Nvidia Cloud Gaming | <525.60.12 | |
| Nvidia Gpu Display Driver | >=470<470.161.03 | |
| Nvidia Gpu Display Driver | >=510<510.108.03 | |
| Nvidia Gpu Display Driver | >=515<515.86.01 | |
| Nvidia Geforce | ||
| Nvidia Nvs | ||
| Nvidia Quadro | ||
| Nvidia Rtx | ||
| Nvidia Tesla |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this NVIDIA GPU Display Driver for Linux vulnerability?
The vulnerability ID is CVE-2022-42254.
What is the severity level of CVE-2022-42254?
The severity level of CVE-2022-42254 is high.
What is the affected software for CVE-2022-42254?
The affected software for CVE-2022-42254 includes Nvidia Virtual Gpu, Nvidia Cloud Gaming, and Nvidia Gpu Display Driver for Linux.
How can the vulnerability CVE-2022-42254 be exploited?
CVE-2022-42254 can be exploited by an attacker through an out-of-bounds array access in the kernel mode layer of the Nvidia GPU Display Driver for Linux, leading to denial of service, data tampering, or information disclosure.
Are Citrix Hypervisor, Linux Linux kernel, Redhat Enterprise Linux Kernel-based Virtual Machine, Vmware Vsphere, Nvidia Geforce, Nvidia Nvs, Nvidia Quadro, Nvidia Rtx, and Nvidia Tesla affected by CVE-2022-42254?
No, Citrix Hypervisor, Linux Linux kernel, Redhat Enterprise Linux Kernel-based Virtual Machine, Vmware Vsphere, Nvidia Geforce, Nvidia Nvs, Nvidia Quadro, Nvidia Rtx, and Nvidia Tesla are not affected by CVE-2022-42254.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/nvidia
- canonical/nvidia virtual gpu
- version/nvidia virtual gpu/12.0
- version/nvidia virtual gpu/14.0
- vendor/citrix
- canonical/citrix hypervisor
- vendor/linux
- canonical/linux linux kernel
- vendor/redhat
- canonical/redhat enterprise linux kernel-based virtual machine
- vendor/vmware
- canonical/vmware vsphere
- canonical/nvidia cloud gaming
- canonical/nvidia gpu display driver
- version/nvidia gpu display driver/470
- version/nvidia gpu display driver/510
- version/nvidia gpu display driver/515
- canonical/nvidia geforce
- canonical/nvidia nvs
- canonical/nvidia quadro
- canonical/nvidia rtx
- canonical/nvidia tesla