CVE-2022-42262
7.8
HIGH
CVSS 3.1
EPSS 0.14%
Description
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
How to fix CVE-2022-42262
To remediate CVE-2022-42262, upgrade the affected package to a fixed version below.
- Debian/nvidia-graphics-drivers—upgrade to 470.161.03-1 or later
- —upgrade to 510.108.03-1 or later
- —no fix listed
- —upgrade to 450.216.04-1~deb11u1 or later
- —upgrade to 460.106.00-3 or later
- —upgrade to 470.161.03-1~deb11u1 or later
Is CVE-2022-42262 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (6)
- from 0, < 470.161.03-1
- from 0, < 510.108.03-1
- from 0
- from 0, < 450.216.04-1~deb11u1
- from 0, < 460.106.00-3
- from 0, < 470.161.03-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |