CVE-2022-42260 HIGH

CVE-2022-42260

Vendor Nvidia
Product vGPU software (guest driver) - Linux, NVIDIA Cloud Gaming (guest driver)
Weakness CWE-281
Published December 30, 2022
Last update April 11, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Key dates

02Disclosure timeline

December 30, 2022 CVE published
April 11, 2025 Record updated