CVE-2022-28184: 
Linux Debian vulnerability analysis and mitigation

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, discovered and disclosed in May 2022. The vulnerability allows an unprivileged regular user to access administrator-privileged registers. This vulnerability is tracked as CVE-2022-28184 with a CVSS v3.1 base score of 7.1 (NVIDIA Bulletin).

The vulnerability exists in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where privilege control mechanisms are insufficient. It has a CVSS vector of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating local access required, low attack complexity, low privileges required, no user interaction needed, and high impact on confidentiality and integrity (NVIDIA Bulletin).

The exploitation of this vulnerability can lead to denial of service, information disclosure, and data tampering. The high CVSS score of 7.1 reflects the significant potential impact on system security, particularly concerning confidentiality and integrity of the affected systems (NVIDIA Bulletin).

NVIDIA has released security updates for affected products. For Windows systems, updates are available in versions 512.77 (GeForce), 512.78 (RTX/Quadro), and 473.47 (R470 branch). For Linux systems, updates are available in versions 510.73.05 (R510) and 470.129.06 (R470). Users are advised to upgrade to these or later versions (NVIDIA Bulletin, Gentoo Security).