Vulnerabilites related to NVIDIA - NVIDIA GPU Display Driver for Windows
cve-2022-42267
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GPU Display Driver for Windows |
Version: All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:03:45.937Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NVIDIA GPU Display Driver for Windows", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release", }, ], }, ], descriptions: [ { lang: "en", value: "NVIDIA GPU Display Driver for Windows contains a vulnerability where a regular user can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-345", description: "CWE-345", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-30T00:00:00", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", }, ], }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2022-42267", datePublished: "2022-12-30T00:00:00", dateReserved: "2022-10-03T00:00:00", dateUpdated: "2024-08-03T13:03:45.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34671
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | NVIDIA GPU Display Driver for Windows |
Version: All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:15:15.702Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", }, { tags: [ "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5468", }, { tags: [ "x_transferred", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720", }, { tags: [ "x_transferred", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721", }, { tags: [ "x_transferred", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NVIDIA GPU Display Driver for Windows", vendor: "NVIDIA", versions: [ { status: "affected", version: "All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.</span>\n\n</p>", }, ], value: "NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Code execution, information disclosure, and denial of service", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-21T22:06:10.259Z", orgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", shortName: "nvidia", }, references: [ { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", }, { url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5468", }, { url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720", }, { url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721", }, { url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9576f279-3576-44b5-a4af-b9a8644b2de6", assignerShortName: "nvidia", cveId: "CVE-2022-34671", datePublished: "2022-12-30T00:00:00.000Z", dateReserved: "2022-06-27T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:47.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }