数值类型间的不正确转换

CVE编号

CVE-2022-34677

利用情况

暂无

补丁情况

N/A

披露时间

2022-12-31
漏洞描述
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 nvidia cloud_gaming * Up to
(excluding)
525.60.11
运行在以下环境
应用 nvidia cloud_gaming * Up to
(excluding)
525.60.12
运行在以下环境
应用 nvidia geforce - -
运行在以下环境
应用 nvidia gpu_display_driver * From
(including)
390
Up to
(excluding)
390.157
运行在以下环境
应用 nvidia gpu_display_driver * From
(including)
450
Up to
(excluding)
450.216.04
运行在以下环境
应用 nvidia gpu_display_driver * From
(including)
470
Up to
(excluding)
470.161.03
运行在以下环境
应用 nvidia gpu_display_driver * From
(including)
510
Up to
(excluding)
510.108.03
运行在以下环境
应用 nvidia gpu_display_driver * From
(including)
515
Up to
(excluding)
515.86.01
运行在以下环境
应用 nvidia gpu_display_driver * From
(including)
525
Up to
(excluding)
525.60.11
运行在以下环境
应用 nvidia nvs - -
运行在以下环境
应用 nvidia quadro - -
运行在以下环境
应用 nvidia rtx - -
运行在以下环境
应用 nvidia tesla - -
运行在以下环境
应用 nvidia virtual_gpu * Up to
(excluding)
11.11
运行在以下环境
应用 nvidia virtual_gpu * From
(including)
12.0
Up to
(excluding)
13.6
运行在以下环境
应用 nvidia virtual_gpu * From
(including)
14.0
Up to
(excluding)
14.4
运行在以下环境
系统 citrix hypervisor - -
运行在以下环境
系统 debian_10 nvidia-graphics-drivers-tesla * Up to
(including)
418.226.00-3
运行在以下环境
系统 debian_11 nvidia-graphics-drivers-tesla * Up to
(excluding)
470.161.03-1
运行在以下环境
系统 debian_12 nvidia-graphics-drivers-tesla * Up to
(including)
510.85.02-4
运行在以下环境
系统 debian_sid nvidia-graphics-drivers-tesla * Up to
(including)
418.226.00-9
运行在以下环境
系统 linux linux_kernel - -
运行在以下环境
系统 redhat enterprise_linux_kernel-based_virtual_machine - -
运行在以下环境
系统 ubuntu_18.04 nvidia-graphics-drivers-tesla * Up to
(excluding)
superseded
运行在以下环境
系统 vmware vsphere - -
CVSS3评分
7.1
  • 攻击路径
    本地
  • 攻击复杂度
  • 权限要求
  • 影响范围
    未更改
  • 用户交互
  • 可用性
  • 保密性
  • 完整性
CWE-ID 漏洞类型
CWE-681 数值类型间的不正确转换
阿里云安全产品覆盖情况