CVE-2022-42266

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
30/12/2022
Last modified:
09/01/2023

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* 11.11 (excluding)
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* 13.0 (including) 13.6 (excluding)
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* 14.0 (including) 14.4 (excluding)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:* 527.27 (excluding)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools