kmod-nvidia CVE-2022-42255

Moderate

yeazelm published GHSA-4fcj-r575-f4qr

Dec 1, 2022

Package

kmod-5.10-nvidia (bottlerocket)

Affected versions

< 1.11.1

Patched versions

1.11.1

kmod-5.15-nvidia (bottlerocket)

< 1.11.1

1.11.1

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L