CVE-2022-42266

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5415	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::
	cpe:2.3:a:nvidia:virtual_gpu::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

09 Jan 2023, 19:54

Type	Values Removed	Values Added
First Time		Microsoft windows Microsoft Nvidia cloud Gaming Nvidia Nvidia virtual Gpu
CPE		cpe:2.3:a:nvidia:cloud_gaming:::::::: cpe:2.3:a:nvidia:virtual_gpu:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3
CWE		CWE-200
References	~~(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5415 -~~	(MISC) https://nvidia.custhelp.com/app/answers/detail/a_id/5415 - Vendor Advisory

30 Dec 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-30 23:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-42266

Mitre link : CVE-2022-42266

CVE.ORG link : CVE-2022-42266

JSON object : View

Products Affected

nvidia

virtual_gpu
cloud_gaming

microsoft

windows

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2022-42266", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-12-30T23:15:11.580", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure."}], "lastModified": "2023-01-09T19:54:57.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85A2D2C0-6EF1-442E-987A-006E2652D955", "versionEndExcluding": "11.11"}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE131245-E5CE-4680-9479-9C7359D1001C", "versionEndExcluding": "13.6", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "230B9F4E-DFDF-4492-BE31-E781D1D3A956", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cloud_gaming:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C00A5739-C976-49CE-B2A6-5EBC27BFC944", "versionEndExcluding": "527.27"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}