NVIDIA GPU Driver INFO leak via KML over-mapping
CVE-2022-34674 Published on December 30, 2022
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.
Vulnerability Analysis
CVE-2022-34674 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2022-34674 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2022-34674
stack.watch emails you whenever new vulnerabilities are published in Debian Linux or NVIDIA Gpu Display Driver. Just hit a watch button to start following.
Affected Versions
vGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager) Version All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release is affected by CVE-2022-34674Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.