CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Nvidia Patches Many Vulnerabilities in Windows, Linux Display Drivers

Nvidia’s November 2022 display driver updates patch 29 vulnerabilities impacting Windows and Linux products, including ten high-severity issues.

Nvidia’s November 2022 display driver updates patch 29 vulnerabilities impacting Windows and Linux products, including ten high-severity issues.

The most severe of the security defects is CVE‑2022‑34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or other files that the driver uses.

Successful exploitation of the bug, Nvidia says, could allow the attacker to execute arbitrary code, cause a denial-of-service (DoS) condition, escalate privileges, access restricted information, or modify data.

Another severe flaw in the Windows driver is CVE‑2022‑34671 (CVSS score of 8.5), an out-of-bounds write that could have similar effects.

A vulnerability in Nvidia Control Panel for Windows could allow an unauthorized attacker to escalate privileges, leak sensitive data, or execute commands. The bug is tracked as CVE‑2022‑34672 (CVSS score of 7.8).

The chip maker also announced patches for four high-severity vulnerabilities in the kernel mode layer of its display driver for Linux, which could lead to DoS conditions, information disclosure, or data tampering.

Nvidia’s November 2022 driver updates also address three high-severity issues in the company’s virtual GPU (vGPU) software.

Tracked as CVE‑2022‑42260 (CVSS score of 7.8), the most severe of these impacts a D-Bus configuration file in the vGPU display driver for Linux and could be exploited without authorization to execute code, create a DoS condition, escalate privileges, or leak or tamper with data.

Advertisement. Scroll to continue reading.

Two other issues, CVE‑2022‑42261 and CVE‑2022‑42262, impact the Virtual GPU Manager (vGPU plugin) and could lead to data modification, information disclosure, or a DoS condition.

Nvidia also resolved 19 medium-severity vulnerabilities that could be exploited to cause DoS conditions, leak information, or tamper with data.

Users are advised to download and install the available patches as soon as possible. Additional details on the resolved vulnerabilities can be found in Nvidia’s security bulletin.

Related: NVIDIA Patches Code Execution Vulnerabilities in Graphics Driver

Related: NVIDIA Ships Patches for High-Severity Security Flaws

Related: NVIDIA Patches Code Execution Flaws in GeForce Experience

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.