Buffer overflow in Citrix Hypervisor
CVE-2022-42262
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of s…
Vulnerability class: Buffer Overflow
EPSS: 0.002 (12.5th percentile)
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.
Affected products
- Citrix Hypervisor
- Linux Linux_kernel
- Nvidia Cloud_gaming
- Nvidia Geforce
- Nvidia Gpu_display_driver
- Nvidia Nvs
- Nvidia Quadro
- Nvidia Rtx
- Nvidia Tesla
- Nvidia vGPU Software (Virtual GPU Manager, Cloud Gaming Manager): all versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release
Weakness classification (CWE)
References
- psirt@nvidia.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2022-42262?
  - CVE-2022-42262 is a high-severity vulnerability in Citrix Hypervisor, classified under Out-of-bounds Write. CVSS score: 7.1/10. Published 2022-12-30.
- How severe is CVE-2022-42262?
  - High severity. CVSS v3 base score is 7.1 out of 10.