Unauthorized Access in NVIDIA vGPU Display Driver for Linux Guests
CVE-2022-42260

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Vgpu Software (guest Driver) - Linux, Nvidia Cloud Gaming (guest Driver)
Vendor: CVE Published:; 30 December 2022

Summary

The NVIDIA vGPU Display Driver for Linux contains a vulnerability related to its D-Bus configuration file. This flaw enables an unauthorized user within a guest virtual machine to interfere with protected D-Bus endpoints. The exploitation of this vulnerability could result in various consequences, including code execution, denial of service, escalation of privileges, potential information disclosure, or data tampering.

Affected Version(s)

vGPU software (guest driver) - Linux, NVIDIA Cloud Gaming (guest driver) All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

https://security.gentoo.org/glsa/202310-02

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2022
Vulnerability Reserved
Oct 3, 2022