CVE-2022-42261
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
30/12/2022
Last modified:
19/10/2023
Description
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* | 11.11 (excluding) | |
| cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* | 12.0 (including) | 13.6 (excluding) |
| cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* | 14.0 (including) | 14.4 (excluding) |
| cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:* | 525.60.12 (excluding) | |
| cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:* | 470 (including) | 470.161.03 (excluding) |
| cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:* | 510 (including) | 510.108.03 (excluding) |
| cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page