Security News > 2022 > November > NVIDIA releases GPU driver update to fix 29 security flaws

NVIDIA releases GPU driver update to fix 29 security flaws
2022-11-30 16:27

NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.

The latest security update addresses 25 vulnerabilities on the Windows and Linux GPU drivers, while seven flaws are categorized as high-severity.

CVE-2022-34669 - Locally exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to access or modify files critical to the application, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.

CVE-2022-34671 - Remotely exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to cause an out-of-bounds write, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.

Considering the popularity of NVIDIA products, there's a high chance of finding vulnerable GPU drivers on targeted computers, allowing attackers to exploit these flaws to gain greater privileges and spread further on a network.

Users are recommended to apply the released security updates by downloading the latest available version of the driver for their GPU model from NVIDIA's download central, where they can select the specific product and OS they are using.


News URL

https://www.bleepingcomputer.com/news/security/nvidia-releases-gpu-driver-update-to-fix-29-security-flaws/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-12-30 CVE-2022-34671 Out-of-bounds Write vulnerability in Nvidia GPU Display Driver
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.
network
low complexity
nvidia CWE-787
8.8
2022-12-30 CVE-2022-34669 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nvidia Cloud Gaming and Virtual GPU
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
local
low complexity
nvidia CWE-610
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 239 12 178 319 15 524