CVE-2022-42266 MEDIUM

CVE-2022-42266

Vendor Nvidia
Product vGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
Weakness CWE-200 · Info exposure
Published December 30, 2022
Last update April 11, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.

Key dates

02Disclosure timeline

December 30, 2022 CVE published
April 11, 2025 Record updated