NVIDIA has announced the roll-out of updates for its graphics drivers to address multiple vulnerabilities, including four CVEs rated “high severity.”
The most severe of these issues are CVE‑2022‑28181 and CVE‑2022‑28182 (CVSS score of 8.5), which could lead to “code execution, denial of service, escalation of privileges, information disclosure, and data tampering,” NVIDIA says.
Both security holes could be exploited by an “unauthorized attacker on the network” to cause “an out-of-bounds write through a specially crafted shader.”
While CVE‑2022‑28181 impacts both the Windows and Linux versions of NVIDIA’s GPU display drivers, CVE‑2022‑28182 exists in the Windows DirectX11 user mode driver, the company says.
The vulnerabilities were reported by Cisco Talos’ security researchers, who say that CVE‑2022‑28182 in fact describes three memory corruption issues identified in NVIDIA D3D10 Driver version 496.76, 30.0.14.9676.
“An attacker could exploit these vulnerabilities by sending the target a specially crafted executable or shader file. These issues could also allow an adversary to perform a guest-to-host escape if they target a guest machine running virtualization environments,” the researchers note.
Tracked as CVE‑2022‑28183 (CVSS score of 7.7) and CVE‑2022‑28184 (CVSS score of 7.1), the other two high-severity vulnerabilities resolved with NVIDIA’s May 2022 set of patches impact both Windows and Linux drivers.
Both issues may lead to denial of service and information disclosure, while CVE‑2022‑28184 could also be exploited for data tampering.
The six remaining vulnerabilities that NVIDIA resolved in its graphics drivers this month are rated “medium severity.” Two other medium-severity bugs were resolved in the vGPU software, both leading to denial of service.
Users are advised to head over to NVIDIA’s driver downloads page to install the latest driver updates for their systems.
Related: NVIDIA Ships Patches for High-Severity Security Flaws
Related: NVIDIA, HPE Products Affected by Log4j Vulnerabilities
Related: NVIDIA Ships Patches for High-Severity Security Flaws
More from Ionut Arghire
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- New Wi-Fi Attack Allows Traffic Interception, Security Bypass
- Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
- Over 200 Organizations Targeted in Chinese Cyberespionage Campaign
- Nigerian BEC Scammer Sentenced to Prison in US
Latest News
- Anti-Bot Software Firm DataDome Banks $42M Financing
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Why Endpoint Resilience Matters
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- UK Introduces Mass Surveillance With Online Safety Bill
