CVE-2022-28182 - OpenCVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Nvidia	Virtual Gpu Gpu Display Driver

Configuration 1 [-]

cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu:14.0:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5353	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: nvidia

Published: 2022-05-17T19:15:27

Updated: 2022-05-17T19:15:27

Reserved: 2022-03-30T00:00:00

Link: CVE-2022-28182

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-17T20:15:08.737

Modified: 2022-05-26T19:04:18.473

Link: CVE-2022-28182

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "NVIDIA GPU Display Driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All GPU Driver versions for Windows"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-17T19:15:27", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2022-28182", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NVIDIA GPU Display Driver", "version": {"version_data": [{"version_value": "All GPU Driver versions for Windows"}]}}]}, "vendor_name": "NVIDIA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components."}]}, "impact": {"cvss": {"baseScore": 8.5, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353", "refsource": "MISC", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353"}]}}}}, "cveMetadata": {"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2022-28182", "datePublished": "2022-05-17T19:15:27", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2022-05-17T19:15:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:*", "matchCriteriaId": "ECC27EF8-10DE-47E6-B9F5-3D6BE9D06CB0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "45F338C5-245D-4D10-9B48-B56B7094F167", "versionEndExcluding": "11.8", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "matchCriteriaId": "98C8F13F-2F8F-4BAE-B971-582084B93D58", "versionEndExcluding": "13.3", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CB2F728-3BFD-418D-AC29-A4165D1E7CA6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components."}, {"lang": "es", "value": "El controlador de pantalla de la GPU NVIDIA para Windows contiene una vulnerabilidad en el controlador de modo de usuario de DirectX11 (nvwgf2um/x.dll), donde un atacante no autorizado en la red puede causar una escritura fuera de l\u00edmites mediante un shader especialmente dise\u00f1ado, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo para causar la denegaci\u00f3n de servicio, una escalada de privilegios, una divulgaci\u00f3n de informaci\u00f3n y una manipulaci\u00f3n de datos. El alcance del impacto puede extenderse a otros componentes"}], "id": "CVE-2022-28182", "lastModified": "2022-05-26T19:04:18.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Primary"}]}, "published": "2022-05-17T20:15:08.737", "references": [{"source": "psirt@nvidia.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5353"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}