Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Nvidia Patches Many Vulnerabilities in Windows, Linux Display Drivers

Nvidia’s November 2022 display driver updates patch 29 vulnerabilities impacting Windows and Linux products, including ten high-severity issues.

Nvidia’s November 2022 display driver updates patch 29 vulnerabilities impacting Windows and Linux products, including ten high-severity issues.

The most severe of the security defects is CVE‑2022‑34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or other files that the driver uses.

Successful exploitation of the bug, Nvidia says, could allow the attacker to execute arbitrary code, cause a denial-of-service (DoS) condition, escalate privileges, access restricted information, or modify data.

Another severe flaw in the Windows driver is CVE‑2022‑34671 (CVSS score of 8.5), an out-of-bounds write that could have similar effects.

A vulnerability in Nvidia Control Panel for Windows could allow an unauthorized attacker to escalate privileges, leak sensitive data, or execute commands. The bug is tracked as CVE‑2022‑34672 (CVSS score of 7.8).

The chip maker also announced patches for four high-severity vulnerabilities in the kernel mode layer of its display driver for Linux, which could lead to DoS conditions, information disclosure, or data tampering.

Nvidia’s November 2022 driver updates also address three high-severity issues in the company’s virtual GPU (vGPU) software.

Tracked as CVE‑2022‑42260 (CVSS score of 7.8), the most severe of these impacts a D-Bus configuration file in the vGPU display driver for Linux and could be exploited without authorization to execute code, create a DoS condition, escalate privileges, or leak or tamper with data.

Two other issues, CVE‑2022‑42261 and CVE‑2022‑42262, impact the Virtual GPU Manager (vGPU plugin) and could lead to data modification, information disclosure, or a DoS condition.

Nvidia also resolved 19 medium-severity vulnerabilities that could be exploited to cause DoS conditions, leak information, or tamper with data.

Users are advised to download and install the available patches as soon as possible. Additional details on the resolved vulnerabilities can be found in Nvidia’s security bulletin.

Related: NVIDIA Patches Code Execution Vulnerabilities in Graphics Driver

Related: NVIDIA Ships Patches for High-Severity Security Flaws

Related: NVIDIA Patches Code Execution Flaws in GeForce Experience

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.