CVE-2022-28181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Published: May 17, 2022
Updated: May 9, 2024
CVE: CVE-2022-28181
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.9
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
nvidia / virtual_gpu	11.0	11.8
nvidia / virtual_gpu	13.0	13.3
nvidia / virtual_gpu	14.0	14.0.x

https://nvidia.custhelp.com/app/answers/detail/a_id/5353
https://security.gentoo.org/glsa/202310-02

Vulnerability Database

289,871

CVE-2022-28181