CVE-2022-28184

7.1 HIGH

📋 TL;DR

This vulnerability in NVIDIA GPU Display Driver allows unprivileged users to access privileged kernel registers through the DxgkDdiEscape handler. This could lead to denial of service, information disclosure, or data tampering. Affects users of NVIDIA GPU drivers on Windows and Linux systems.

💻 Affected Systems

Products:
  • NVIDIA GPU Display Driver
Versions: Multiple versions prior to R470 and R510 series updates
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both consumer and professional GPU drivers. Requires local user access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through privilege escalation leading to data theft, system manipulation, or persistent backdoor installation.

🟠 Likely Case

Local denial of service (system crashes/instability) and potential information disclosure from kernel memory.

🟢 If Mitigated

Limited impact if proper user access controls and privilege separation are enforced, though kernel-level access remains dangerous.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local user access but no admin privileges. Kernel-level vulnerabilities are attractive targets for sophisticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: R470 GA driver branch: 470.161.03 or later; R510 GA driver branch: 510.47.03 or later

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5353

Restart Required: Yes

Instructions:

1. Download the latest NVIDIA driver from the official website.
2. Run the installer with administrative privileges.
3. Follow the on-screen instructions.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict User Access

all

Limit physical and remote access to systems with vulnerable drivers to trusted users only.

Disable GPU Passthrough

all

In virtualized environments, disable GPU passthrough to prevent VM users from accessing vulnerable drivers.

🧯 If You Can't Patch

  • Implement strict user access controls and privilege separation
  • Monitor systems for unusual kernel-level activity or crashes

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA driver version: Windows - Open NVIDIA Control Panel > System Information; Linux - Run 'nvidia-smi' or check /proc/driver/nvidia/version

Check Version:

Windows: nvidia-smi | findstr /C:"Driver Version"; Linux: nvidia-smi --query-gpu=driver_version --format=csv

Verify Fix Applied:

Verify that the driver version is 470.161.03 or later (R470 branch) or 510.47.03 or later (R510 branch), using the same methods.
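
A scripted form of the version check above, as an added example (not NVIDIA's or this page's own code): it compares a driver version against the two fixed versions listed under Official Fix and reports any other branch as unknown rather than guessing. The function names are illustrative, and `awk` and `grep -o` are assumed to be available.

```shell
#!/bin/sh
# Added example: classify an NVIDIA driver version against the fixed versions
# this page lists (470.161.03 for R470, 510.47.03 for R510).

# version_ge A B: succeeds when dotted version A >= B, compared numerically
# field by field (so 82 < 161, and "03" is read as 3).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# classify_driver VERSION: prints fixed, vulnerable, unknown-branch or invalid.
classify_driver() {
    ver=$1
    printf '%s\n' "$ver" | grep -Eq '^[0-9]+(\.[0-9]+){1,2}$' || { echo invalid; return 0; }
    case ${ver%%.*} in
        470) fixed=470.161.03 ;;
        510) fixed=510.47.03 ;;
        *)   echo unknown-branch; return 0 ;;  # not listed on this page: consult the vendor advisory
    esac
    if version_ge "$ver" "$fixed"; then echo fixed; else echo vulnerable; fi
}

# parse_nvrm_version: extract the version from /proc/driver/nvidia/version text on stdin.
parse_nvrm_version() {
    grep '^NVRM version:' | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# installed_driver_version: prefer nvidia-smi, fall back to /proc on Linux.
installed_driver_version() {
    if command -v nvidia-smi >/dev/null 2>&1; then
        nvidia-smi --query-gpu=driver_version --format=csv,noheader | head -n 1
    elif [ -r /proc/driver/nvidia/version ]; then
        parse_nvrm_version < /proc/driver/nvidia/version
    fi
}

# Check this host only when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    v=$(installed_driver_version)
    echo "driver ${v:-not found}: $(classify_driver "${v:-}")"
fi
```

An `unknown-branch` result means the version belongs to a branch for which this page gives no fixed version, so it should be checked against the vendor advisory rather than treated as safe.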

📡 Detection & Monitoring

Log Indicators:

  • System crashes (BSOD on Windows, kernel panics on Linux)
  • Unusual access to nvlddmkm.sys or GPU resources
  • Failed privilege escalation attempts

Network Indicators:

  • Not network exploitable - local vulnerability only

SIEM Query:

Windows: EventID 41 (Kernel-Power) with bugcheck code; Linux: kernel panic logs mentioning nvidia or GPU
