CVE-2022-28192

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-28192
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

1.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5353 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*
History

26 May 2022, 15:18

Type Values Removed Values Added
References (MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5353 - (MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5353 - Patch, Vendor Advisory
CWE CWE-416
CVSS v2 : unknown
v3 : 4.1 		v2 : 1.9
v3 : 4.1
First Time Nvidia
Nvidia virtual Gpu
CPE cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:*

17 May 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-05-17 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-28192

Mitre link : CVE-2022-28192

CVE.ORG link : CVE-2022-28192

JSON object : View

Products Affected

nvidia

  • virtual_gpu
CWE
CWE-416

Use After Free