Buffer overflow in Citrix Hypervisor
CVE-2022-42261
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of s…
Vulnerability class: Buffer Overflow
EPSS: 0.003 (17.0th percentile)
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Citrix Hypervisor
- Linux Linux_kernel
- Nvidia Cloud_gaming
- Nvidia Geforce
- Nvidia Gpu_display_driver
- Nvidia Nvs
- Nvidia Quadro
- Nvidia Rtx
- Nvidia Tesla
- Nvidia Vgpu Software (Virtual Gpu Manager), Cloud Gaming Manager: all versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2022-42261?
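- CVE-2022-42261 is a high-severity vulnerability affecting Citrix Hypervisor, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). The flaw is in the Virtual GPU Manager (vGPU plugin) of NVIDIA vGPU software, where an input index is not validated. CVSS score: 7.8/10. Published 2022-12-30.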
- How severe is CVE-2022-42261?
- High severity. CVSS v3 base score is 7.8 out of 10.