Improper Privilege Management in NVIDIA Windows GPU Display Driver - CVE-2022-42266

 

Improper Privilege Management in NVIDIA Windows GPU Display Driver - CVE-2022-42266

Published: December 1, 2022


Vulnerability identifier: #VU69816
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-42266
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
NVIDIA Windows GPU Display Driver

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape within the NVIDIA GPU Display Driver for Windows. A local user can gain access to sensitive information.


How to mitigate CVE-2022-42266

Install updates from vendor's website.

Sources