Vulnerability Description
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nvidia | Virtual Gpu | < 11.11 |
| Citrix | Hypervisor | - |
| Linux | Linux Kernel | - |
| Redhat | Enterprise Linux Kernel-Based Virtual Machine | - |
| Vmware | Vsphere | - |
| Nvidia | Cloud Gaming | < 525.60.12 |
| Nvidia | Gpu Display Driver | >= 470, < 470.161.03 |
| Nvidia | Geforce | - |
| Nvidia | Nvs | - |
| Nvidia | Quadro | - |
| Nvidia | Rtx | - |
| Nvidia | Tesla | - |
Related Weaknesses (CWE)
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5415Vendor Advisory
- https://nvidia.custhelp.com/app/answers/detail/a_id/5415Vendor Advisory
FAQ
What is CVE-2022-42262?
CVE-2022-42262 is a vulnerability with a CVSS score of 7.1 (HIGH). NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering,...
How severe is CVE-2022-42262?
CVE-2022-42262 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42262?
Check the references section above for vendor advisories and patch information. Affected products include: Nvidia Virtual Gpu, Citrix Hypervisor, Linux Linux Kernel, Redhat Enterprise Linux Kernel-Based Virtual Machine, Vmware Vsphere.