CVE-2022-34674

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-34674
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html Mailing List
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 Vendor Advisory
https://security.gentoo.org/glsa/202310-02 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html Mailing List
https://nvidia.custhelp.com/app/answers/detail/a_id/5415 Vendor Advisory
https://security.gentoo.org/glsa/202310-02 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
OR cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
OR cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
OR cpe:2.3:o:citrix:hypervisor:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:*:*:*:*:*:*:*
cpe:2.3:o:vmware:vsphere:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

21 Nov 2024, 07:09

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html - Mailing List () https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html - Mailing List
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5415 - Vendor Advisory () https://nvidia.custhelp.com/app/answers/detail/a_id/5415 - Vendor Advisory
References () https://security.gentoo.org/glsa/202310-02 - Third Party Advisory () https://security.gentoo.org/glsa/202310-02 - Third Party Advisory
CVSS v2 : unknown
v3 : 6.1 		v2 : unknown
v3 : 6.8

15 Oct 2023, 02:12

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html - Mailing List
References (GENTOO) https://security.gentoo.org/glsa/202310-02 - (GENTOO) https://security.gentoo.org/glsa/202310-02 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 6.8 		v2 : unknown
v3 : 6.1
First Time Debian debian Linux
Debian

03 Oct 2023, 15:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202310-02 -
Information

Published : 2022-12-30 23:15

Updated : 2024-11-21 07:09

NVD link : CVE-2022-34674

Mitre link : CVE-2022-34674

CVE.ORG link : CVE-2022-34674

JSON object : View

Products Affected

nvidia

  • gpu_display_driver
  • nvs
  • quadro
  • cloud_gaming
  • geforce
  • virtual_gpu
  • rtx
  • tesla

vmware

  • vsphere

redhat

  • enterprise_linux_kernel-based_virtual_machine

linux

  • linux_kernel

citrix

  • hypervisor

debian

  • debian_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024