Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover
2022-12-01 23:30

Nvidia fixed more than two dozen security flaws in its GPU display driver, the most severe of which could allow an unprivileged user to modify files, and then escalate privileges, execute code, tamper with or steal data, or even take over your device.

In total, the chipmaker patched 29 vulnerabilities affecting Windows and Linux products, including 10 high-severity bugs.

The most severe of the bunch, tracked as CVE-2022-34669, affects the Windows version of the GPU display driver and received a CVSS score of 8.8.

Another high-severity flaw that also affects the Windows product and received an 8.5 CVSS rating exists in the GPU display driver user mode layer.

CVE-2022-34670 is found in the kernel mode layer handler of the GPU display driver for Linux.

The 29 bugs detailed in the security bulletin affect several different Nvidia software products: GeForce, Studio, Nvidia RTX, Quadro, NVS, and Tesla running on Windows systems.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/01/nvidia_gpu_driver_bugs/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-30 | CVE-2022-34670 | Incorrect Conversion between Numeric Types vulnerability in multiple products. NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. (local; low complexity; nvidia debian CWE-681) | 7.8 |
| 2022-12-30 | CVE-2022-34669 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nvidia Cloud Gaming and Virtual GPU. NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. (local; low complexity; nvidia CWE-610) | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nvidia 278 80 209 222 16 527