CVE-2022-42261
Last modified
CVE-2022-42261 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Virtual Gpu | < 11.11 |
| Nvidia | Virtual Gpu | >= 12.0, < 13.6 |
| Nvidia | Virtual Gpu | >= 14.0, < 14.4 |
| Nvidia | Cloud Gaming | < 525.60.12 |
| Nvidia | Gpu Display Driver | >= 470, < 470.161.03 |
| Nvidia | Gpu Display Driver | >= 510, < 510.108.03 |
| Nvidia | Gpu Display Driver | >= 450, < 450.216.04 |
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5415Vendor Advisory
- https://security.gentoo.org/glsa/202310-02Third Party Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5415Vendor Advisory
- https://security.gentoo.org/glsa/202310-02Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-42261?
How severe is CVE-2022-42261?
How do I fix CVE-2022-42261?
Are you affected by CVE-2022-42261?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST