Nvidia’s November 2022 display driver updates patch 29 vulnerabilities impacting Windows and Linux products, including ten high-severity issues.
The most severe of the security defects is CVE‑2022‑34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or other files that the driver uses.
Successful exploitation of the bug, Nvidia says, could allow the attacker to execute arbitrary code, cause a denial-of-service (DoS) condition, escalate privileges, access restricted information, or modify data.
Another severe flaw in the Windows driver is CVE‑2022‑34671 (CVSS score of 8.5), an out-of-bounds write that could have similar effects.
A vulnerability in Nvidia Control Panel for Windows could allow an unauthorized attacker to escalate privileges, leak sensitive data, or execute commands. The bug is tracked as CVE‑2022‑34672 (CVSS score of 7.8).
The chip maker also announced patches for four high-severity vulnerabilities in the kernel mode layer of its display driver for Linux, which could lead to DoS conditions, information disclosure, or data tampering.
Nvidia’s November 2022 driver updates also address three high-severity issues in the company’s virtual GPU (vGPU) software.
Tracked as CVE‑2022‑42260 (CVSS score of 7.8), the most severe of these impacts a D-Bus configuration file in the vGPU display driver for Linux and could be exploited without authorization to execute code, create a DoS condition, escalate privileges, or leak or tamper with data.
Two other issues, CVE‑2022‑42261 and CVE‑2022‑42262, impact the Virtual GPU Manager (vGPU plugin) and could lead to data modification, information disclosure, or a DoS condition.
Nvidia also resolved 19 medium-severity vulnerabilities that could be exploited to cause DoS conditions, leak information, or tamper with data.
Users are advised to download and install the available patches as soon as possible. Additional details on the resolved vulnerabilities can be found in Nvidia’s security bulletin.
Related: NVIDIA Patches Code Execution Vulnerabilities in Graphics Driver
Related: NVIDIA Ships Patches for High-Severity Security Flaws
Related: NVIDIA Patches Code Execution Flaws in GeForce Experience
More from Ionut Arghire
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
