CVE-2022-21815 - OpenCVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Nvidia	Quadro Cloud Gaming Guest Nvs Gpu Display Driver Studio Tesla Rtx Virtual Gpu Geforce
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:nvidia:cloud_gaming_guest:-:::::::*
	cpe:2.3:a:nvidia:geforce:-:::::::*
	cpe:2.3:a:nvidia:gpu_display_driver:-:::::::*
	cpe:2.3:a:nvidia:nvs:-:::::::*
	cpe:2.3:a:nvidia:quadro:-:::::::*
	cpe:2.3:a:nvidia:rtx:-:::::::*
	cpe:2.3:a:nvidia:studio:-:::::::*
	cpe:2.3:a:nvidia:tesla:-:::::::*
	cpe:2.3:a:nvidia:virtual_gpu:-:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5312	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2022-02-07T20:00:17

Updated: 2022-05-09T19:35:14

Reserved: 2021-12-10T00:00:00

Link: CVE-2022-21815

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-07T20:15:07.887

Modified: 2022-09-03T03:54:40.880

Link: CVE-2022-21815

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All GPU Driver versions for Windows"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-09T19:35:14", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-21815", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA GPU Display Driver", "version": {"version_data": [{"version_value": "All GPU Driver versions for Windows"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash."}]}, "impact": {"cvss": {"baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476: NULL Pointer Dereference"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312"}]}}}}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-21815", "datePublished": "2022-02-07T20:00:17", "dateReserved": "2021-12-10T00:00:00", "dateUpdated": "2022-05-09T19:35:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cloud_gaming_guest:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF125D-2BDD-4DDB-B8A6-5D28E64157E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37AC285-221B-474F-8B3F-9DD7C586EB43", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3CCCEEC-CB0F-412F-9DE5-CD86E2AF6B2A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash."}, {"lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en el manejador de la capa del modo kernel (nvlddmkm.sys) para las IOCTL privadas en la que una desreferencia del puntero NULL en el kernel, creada dentro del c\u00f3digo del modo de usuario, puede conllevar a una denegaci\u00f3n de servicio en forma de bloqueo del sistema"}], "id": "CVE-2022-21815", "lastModified": "2022-09-03T03:54:40.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2022-02-07T20:15:07.887", "references": [{"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5312"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}