CVE-2022-28192 - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may l

CVE-2022-28192

Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5353

Vulnerable Configurations

cpe:2.3:a:nvidia:virtual_gpu:13.0:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:13.0:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:13.1:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:13.1:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:13.2:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:13.2:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:11.0:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:11.0:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:11.6:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:11.6:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:11.7:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:11.7:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*

CVSS

Base:	1.9 (as of 26-05-2022 - 15:18)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:N/A:P

Last major update

26-05-2022 - 15:18

Published

17-05-2022 - 20:15

Last modified

26-05-2022 - 15:18