CVE-2022-21814

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.

How to fix CVE-2022-21814

To remediate CVE-2022-21814, upgrade the affected package to a fixed version below.

Debian/nvidia-graphics-drivers—upgrade to 470.129.06-5~deb11u1 or later
—upgrade to 470.103.01-1 or later

Is CVE-2022-21814 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 470.129.06-5~deb11u1
from 0, < 470.103.01-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-21814