CVE-2022-28192

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.

Published: May 17, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-28192
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.9
AV:L/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
nvidia / virtual_gpu	13.0	13.3
nvidia / virtual_gpu	11.0	11.8
nvidia / virtual_gpu	14.0	14.0.x

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

Vulnerability Database

289,871

CVE-2022-28192