Improper Privilege Management in NVIDIA Windows GPU Display Driver - CVE-2022-42266
Published: December 1, 2022
Vulnerability identifier: #VU69816
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-42266
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
NVIDIA Windows GPU Display Driver
NVIDIA Windows GPU Display Driver
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The
vulnerability exists due to improper privilege management in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape within the
NVIDIA GPU Display Driver for Windows. A local user can gain access to sensitive information.
How to mitigate CVE-2022-42266
Install updates from vendor's website.