CVE-2022-28182

8.5 HIGH

📋 TL;DR

This vulnerability in NVIDIA GPU Display Driver for Windows allows attackers to execute arbitrary code through specially crafted shaders, potentially leading to system compromise. It affects Windows systems with vulnerable NVIDIA GPU drivers, primarily impacting users who process untrusted shader content.

💻 Affected Systems

Products:
  • NVIDIA GPU Display Driver
Versions: Multiple versions prior to 512.15
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects DirectX11 user mode driver (nvwgf2um/x.dll). Requires NVIDIA GPU with vulnerable driver version.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with privilege escalation, data theft, and persistent backdoor installation

🟠 Likely Case

Local privilege escalation or denial of service on affected systems

🟢 If Mitigated

Limited impact with proper network segmentation and patching

🌐 Internet-Facing: MEDIUM - Requires network access and ability to deliver malicious shader
🏢 Internal Only: HIGH - Internal attackers could exploit for lateral movement and privilege escalation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access and ability to deliver malicious shader. No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 512.15 or later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5353

Restart Required: Yes

Instructions:

1. Download the latest NVIDIA driver from the official site.
2. Run the installer.
3. Select 'Custom installation'.
4. Check 'Perform clean installation'.
5. Complete the installation and restart the system.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict network access to systems with vulnerable drivers

Application Control (platform: windows)

Block execution of untrusted shader files

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks
  • Implement strict application whitelisting for shader processing

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA driver version in NVIDIA Control Panel or via 'nvidia-smi' command

Check Version:

nvidia-smi --query-gpu=driver_version --format=csv

Verify Fix Applied:

Verify driver version is 512.15 or higher
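
The check above can be scripted for hosts with more than one GPU. The following is an added example, not part of the original advisory or of NVIDIA's tooling: it parses the CSV output of the nvidia-smi command shown above and flags every row below 512.15, the fixed version stated on this page. The function names and the sample output are assumptions made for illustration.

```python
import shutil
import subprocess

FIXED = (512, 15)  # first fixed driver version according to this page

def parse_version(text):
    """'512.15' -> (512, 15), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def audit(csv_text, fixed=FIXED):
    """Return [(version_string, is_vulnerable)] for each GPU row in the CSV."""
    results = []
    for line in csv_text.splitlines():
        line = line.strip()
        if not line or line.lower() == "driver_version":  # blank line or header
            continue
        try:
            vulnerable = parse_version(line) < fixed
        except ValueError:
            vulnerable = True  # unparsable row: treat as unverified, not as patched
        results.append((line, vulnerable))
    return results

def query_driver():
    """Run the page's nvidia-smi command; None if the tool is missing or fails."""
    exe = shutil.which("nvidia-smi")
    if exe is None:
        return None
    out = subprocess.run([exe, "--query-gpu=driver_version", "--format=csv"],
                         capture_output=True, text=True, timeout=30)
    return out.stdout if out.returncode == 0 else None

# Constructed sample output (not from a real host): header plus two GPU rows.
SAMPLE = "driver_version\n511.65\n512.15\n"

if __name__ == "__main__":
    text = query_driver() or SAMPLE
    for version, vulnerable in audit(text):
        print(f"{version}: {'VULNERABLE (< 512.15)' if vulnerable else 'fixed'}")
```

A row that cannot be parsed is reported as vulnerable so that a host is never counted as patched without a readable version.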

📡 Detection & Monitoring

Log Indicators:

  • Unexpected DirectX11 shader processing
  • nvwgf2um.dll crashes
  • Privilege escalation attempts

Network Indicators:

  • Unusual network traffic to GPU driver processes
  • Suspicious shader file transfers

SIEM Query:

EventID=1000 AND SourceName='Application Error' AND FaultingModuleName='nvwgf2um.dll'
