{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-21814", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "dateUpdated": "2023-10-03T14:07:25.441310", "dateReserved": "2021-12-10T00:00:00", "datePublished": "2022-02-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-10-03T14:07:25.441310"}, "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service."}], "affected": [{"vendor": "NVIDIA", "product": "NVIDIA GPU Display Driver", "versions": [{"version": "All GPU Drivers for Linux", "status": "affected"}]}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312"}, {"name": "GLSA-202310-02", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-02"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges", "cweId": "CWE-280"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37AC285-221B-474F-8B3F-9DD7C586EB43", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service."}, {"lang": "es", "value": "NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el paquete de controladores del kernel, donde el manejo inapropiado de permisos o privilegios insuficientes puede permitir a un usuario local no privilegiado un acceso de escritura limitado a la memoria protegida, lo que puede conllevar a una denegaci\u00f3n de servicio"}], "id": "CVE-2022-21814", "lastModified": "2023-10-13T01:51:57.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2022-02-07T20:15:07.830", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-02"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-280"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}

{}