CVE-2022-28181: 
Linux Debian vulnerability analysis and mitigation

NVIDIA GPU Display Driver for Windows and Linux contains a critical vulnerability (CVE-2022-28181) discovered in the kernel mode layer. The vulnerability was disclosed on May 17, 2022, and affects NVIDIA GPU Display Drivers across multiple operating systems. The issue allows an unprivileged regular user on the network to cause an out-of-bounds write through a specially crafted shader (NVIDIA Bulletin).

The vulnerability is classified as an out-of-bounds write (CWE-787) in the kernel mode layer. It received a CVSS v3.1 base score of 8.5 (HIGH) with the vector string AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H from NVIDIA, while the NVD assigned a CVSS score of 9.9 (CRITICAL) (NVD Database, NVIDIA Bulletin).

The exploitation of this vulnerability can lead to multiple severe consequences including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components of the system (NVIDIA Bulletin).

NVIDIA has released security updates for affected products. For Windows systems, updates are available in R510 (512.77), R470 (473.47), and R450 (453.51) branches. For Linux systems, updates are available in R510 (510.73.05), R470 (470.129.06), R450 (450.191.01), and R390 (390.151) branches. No alternative workarounds are provided (NVIDIA Bulletin).

NVIDIA acknowledged and credited Piotr Bania of Cisco Talos for reporting the vulnerability (NVIDIA Bulletin).