CVE-2022-34678

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5415	Vendor Advisory
https://security.gentoo.org/glsa/202310-02	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::

OR	cpe:2.3:o:citrix:hypervisor:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*
	cpe:2.3:o:vmware:vsphere:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:citrix:hypervisor:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

19 Oct 2023, 01:15

Type	Values Removed	Values Added
References	~~(GENTOO) https://security.gentoo.org/glsa/202310-02 -~~	(GENTOO) https://security.gentoo.org/glsa/202310-02 - Third Party Advisory

03 Oct 2023, 15:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202310-02 -

06 Jan 2023, 20:53

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux_kernel-based_virtual_machine:-:::::::* cpe:2.3:o:vmware:vsphere:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:nvidia:cloud_gaming:::::::: cpe:2.3:o:citrix:hypervisor:-:::::::* cpe:2.3:a:nvidia:virtual_gpu::::::::
First Time		Nvidia Nvidia cloud Gaming Citrix hypervisor Redhat Citrix Linux Linux linux Kernel Microsoft windows Microsoft Vmware Nvidia virtual Gpu Vmware vsphere Redhat enterprise Linux Kernel-based Virtual Machine
References	~~(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5415 -~~	(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5415 - Vendor Advisory
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

30 Dec 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-30 23:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-34678

Mitre link : CVE-2022-34678

CVE.ORG link : CVE-2022-34678

JSON object : View

Products Affected

nvidia

virtual_gpu
cloud_gaming

redhat

enterprise_linux_kernel-based_virtual_machine

linux

linux_kernel

microsoft

windows

citrix

hypervisor

vmware

vsphere

CWE

CWE-476

NULL Pointer Dereference

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2022-34678

5.5^/10

Attach tags to `CVE-2022-34678`