Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

NVIDIA Patches Code Execution Vulnerabilities in Graphics Driver

NVIDIA has announced the roll-out of updates for its graphics drivers to address multiple vulnerabilities, including four CVEs rated “high severity.”

NVIDIA has announced the roll-out of updates for its graphics drivers to address multiple vulnerabilities, including four CVEs rated “high severity.”

The most severe of these issues are CVE‑2022‑28181 and CVE‑2022‑28182 (CVSS score of 8.5), which could lead to “code execution, denial of service, escalation of privileges, information disclosure, and data tampering,” NVIDIA says.

Both security holes could be exploited by an “unauthorized attacker on the network” to cause “an out-of-bounds write through a specially crafted shader.”

While CVE‑2022‑28181 impacts both the Windows and Linux versions of NVIDIA’s GPU display drivers, CVE‑2022‑28182 exists in the Windows DirectX11 user mode driver, the company says.

The vulnerabilities were reported by Cisco Talos’ security researchers, who say that CVE‑2022‑28182 in fact describes three memory corruption issues identified in NVIDIA D3D10 Driver version 496.76, 30.0.14.9676.

“An attacker could exploit these vulnerabilities by sending the target a specially crafted executable or shader file. These issues could also allow an adversary to perform a guest-to-host escape if they target a guest machine running virtualization environments,” the researchers note.

Tracked as CVE‑2022‑28183 (CVSS score of 7.7) and CVE‑2022‑28184 (CVSS score of 7.1), the other two high-severity vulnerabilities resolved with NVIDIA’s May 2022 set of patches impact both Windows and Linux drivers.

Both issues may lead to denial of service and information disclosure, while CVE‑2022‑28184 could also be exploited for data tampering.

Advertisement. Scroll to continue reading.

The six remaining vulnerabilities that NVIDIA resolved in its graphics drivers this month are rated “medium severity.” Two other medium-severity bugs were resolved in the vGPU software, both leading to denial of service.

Users are advised to head over to NVIDIA’s driver downloads page to install the latest driver updates for their systems.

Related: NVIDIA Ships Patches for High-Severity Security Flaws

Related: NVIDIA, HPE Products Affected by Log4j Vulnerabilities

Related: NVIDIA Ships Patches for High-Severity Security Flaws

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.