Home » Database

AVID-2026-R1056

Description

Vulnerability CVE-2022-34676

Details

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.

Reason for inclusion in AVID: CVE-2022-34676 describes a vulnerability in the NVIDIA GPU Display Driver for Linux (kernel mode layer) that can lead to denial of service, information disclosure, or data tampering via an out-of-bounds read. The affected components include vGPU software and related NVIDIA guest drivers, which are software stack elements used to run general-purpose AI workloads (ML training/inference) on GPUs. This is a software component within the AI software supply chain (drivers/runtimes used to deploy/run AI systems), not hardware- or firmware-only. The vulnerability is CVE-listed with measurable impact (CWE-197) and CVSS signals. Therefore it is relevant to AI systems and their supply chain.

References

Affected or Relevant Artifacts

  • Developer: NVIDIA
  • Deployer: NVIDIA
  • Artifact Details:
TypeName
SystemvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score7.1
Base Severity🔴 High
Attack VectorLOCAL
Attack Complexity🟢 Low
Privileges Required🟢 Low
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity Impact🔴 High
Availability Impact🔴 High

CWE

IDDescription
CWE-197CWE-197

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2022-12-30
  • Version: 0.3.3
  • AVID Entry