Out-of-bounds Read in Citrix Hypervisor
CVE-2022-34677
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
Vulnerability class: Buffer Overflow
EPSS: 0.003 (20.3th percentile).
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Citrix Hypervisor
- Linux Linux_kernel
- Nvidia Cloud_gaming
- Nvidia Geforce
- Nvidia Gpu_display_driver
- Nvidia Nvs
- Nvidia Quadro
- Nvidia Rtx
- Nvidia Tesla
- Nvidia Vgpu Software (Guest Driver - Linux, Virtual Gpu Manager, Cloud Gaming Driver): all versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release
Weakness classification (CWE)
References
- psirt@nvidia.com (Vendor Advisory)
- psirt@nvidia.com (mailing-list, Mailing List)
- psirt@nvidia.com (vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2022-34677?
- CVE-2022-34677 is a medium-severity vulnerability in Citrix Hypervisor, classified under Out-of-bounds Read. CVSS score: 5.5/10. Published 2022-12-30.
- How severe is CVE-2022-34677?
- Medium severity. CVSS v3 base score is 5.5 out of 10.