NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
Conclusion & alert: CVE-2022-28181 is rated Moderate Risk (55.2/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.05%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-07-11 | 1.03% | 1.05% | +0.02% |
| 2 | 2026-06-15 | 1.14% | 1.03% | -0.11% |
| 3 | 2026-06-06 | — | 1.14% | — |
Full EPSS history (27 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.5 | 3.1 | HIGH |
|
1.8 | 6.0 | [email protected] |
| 9.9 | 3.1 | CRITICAL |
|
3.1 | 6.0 | [email protected] |
| 6.9 | 2.0 | MEDIUM |
|
3.4 | 10.0 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2022-28181 not yet assigned priority: Debian including 7 source packages (nvidia-graphics-drivers, nvidia-graphics-drivers-legacy-340xx, …), 17 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 12, open 5. | https://security-tracker.debian.org/tracker/CVE-2022-28181 |
gentoo
|
normal | CVE-2022-28181: 1 GLSA(s) (202310-02), 1 atom(s) (x11-drivers/nvidia-drivers); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2022-28181 |
ubuntu
|
medium | CVE-2022-28181 medium priority: Ubuntu including 26 source packages (nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, …), 364 status rows across 14 suites (bionic, focal, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 216, ignored 59, not-affected 38, needs-triage 27, released 24. | https://ubuntu.com/security/CVE-2022-28181 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| nvidia | virtual_gpu | >= 11.0, < 11.8 | cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* |
| nvidia | virtual_gpu | >= 13.0, < 13.3 | cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:* |
| nvidia | virtual_gpu | 14.0 | cpe:2.3:a:nvidia:virtual_gpu:14.0:*:*:*:*:*:*:* |
| nvidia | gpu_display_driver | — | cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:linux:*:* |
| nvidia | gpu_display_driver | — | cpe:2.3:a:nvidia:gpu_display_driver:-:*:*:*:*:windows:*:* |
| URL | Tags |
|---|---|
| https://nvidia.custhelp.com/app/answers/detail/a_id/5353 | Patch Vendor Advisory |
| https://security.gentoo.org/glsa/202310-02 | Third Party Advisory |