CVE-2022-34671

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5415	Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5468
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nvidia:nvs:-:::::::*
	cpe:2.3:a:nvidia:quadro:-:::::::*
	cpe:2.3:a:nvidia:rtx:-:::::::*

OR	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*

Configuration 2 (hide)

AND

cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*

Configuration 3 (hide)

AND

cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*

cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*

Configuration 4 (hide)

AND

cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*
	cpe:2.3:a:nvidia:gpu_display_driver::::::windows::*

History

No history.

Information

Published : 2022-12-30 23:15

Updated : 2023-08-21 23:15

NVD link : CVE-2022-34671

Mitre link : CVE-2022-34671

CVE.ORG link : CVE-2022-34671

JSON object : View

Products Affected

nvidia

studio
gpu_display_driver
rtx
quadro
geforce
tesla
nvs

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-34671", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2022-12-30T23:15:09.430", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5468", "source": "psirt@nvidia.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1719", "source": "psirt@nvidia.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1720", "source": "psirt@nvidia.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1721", "source": "psirt@nvidia.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "\nNVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.\n\n\n\n"}, {"lang": "es", "value": "NVIDIA GPU Display Driver para Windows contiene una vulnerabilidad en la capa de modo de usuario, donde un usuario sin privilegios puede provocar una escritura fuera de los l\u00edmites, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo, la divulgaci\u00f3n de informaci\u00f3n y la Denegaci\u00f3n de Servicio (DoS)."}], "lastModified": "2023-08-21T23:15:08.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:nvs:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "333646B0-AAD5-4DD7-8940-6334D0A8E77C"}, {"criteria": "cpe:2.3:a:nvidia:quadro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A1DB9FB5-E115-4E96-98F8-3FAFAC120E98"}, {"criteria": "cpe:2.3:a:nvidia:rtx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08C63EA1-8719-4F5C-922A-C77ED4CEF7C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B19EABAD-2FA5-4C85-AF5A-86A92934E21F", "versionEndExcluding": "474.14", "versionStartIncluding": "470"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "92FDDB0C-1F5B-4559-8ACA-F7D889379384", "versionEndExcluding": "514.08", "versionStartIncluding": "510"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "7CD854B9-D2EA-4797-8CD6-5CE7BF431EDC", "versionEndExcluding": "517.88", "versionStartIncluding": "515"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "EFC7E8ED-C6D0-4ADB-B914-850B86E85DC6", "versionEndExcluding": "527.27", "versionStartIncluding": "525"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:tesla:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D135086F-CA5E-4242-ACBA-C3AC82F4BE03"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "1B6ED659-FE16-4240-AB72-F33BCEB67616", "versionEndExcluding": "454.02", "versionStartIncluding": "450"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B19EABAD-2FA5-4C85-AF5A-86A92934E21F", "versionEndExcluding": "474.14", "versionStartIncluding": "470"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "92FDDB0C-1F5B-4559-8ACA-F7D889379384", "versionEndExcluding": "514.08", "versionStartIncluding": "510"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E7C44AD7-7797-4CB6-B6B7-59176B72E417", "versionEndIncluding": "517.88", "versionStartIncluding": "515"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E07CE5FB-5FE4-449B-9A8C-FE3836F355D2", "versionEndExcluding": "527.41", "versionStartIncluding": "525"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:studio:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1ED5DE2-7677-4F38-8177-3BF0B3D03A09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FF62D74B-A5A4-4A81-9D00-DDA6A8A1F05D", "versionEndExcluding": "526.98", "versionStartIncluding": "525"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:geforce:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24DE5CC2-3787-4605-8EFA-77590E36E960"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B19EABAD-2FA5-4C85-AF5A-86A92934E21F", "versionEndExcluding": "474.14", "versionStartIncluding": "470"}, {"criteria": "cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FF62D74B-A5A4-4A81-9D00-DDA6A8A1F05D", "versionEndExcluding": "526.98", "versionStartIncluding": "525"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}