Nvidia Patches 29 GPU Driver Errors • The Register

Nvidia has fixed more than two dozen vulnerabilities in its GPU display driver, the most serious of which could allow an unprivileged user to modify files and then escalate privileges, run code, tamper with or steal data, or even take over your device.

In total, the chipmaker has patched 29 vulnerabilities affecting Windows and Linux products, including 10 high-severity bugs.

Nvidia doesn’t release much technical information about the bugs to ensure customers can patch their systems before criminals exploit these vulnerabilities – hopefully – but here’s what we know about the security issues.

The most severe of the group, traced as CVE-2022-34669, affects the Windows version of the GPU display driver and received a CVSS score of 8.8.

According to Nvidia, this vulnerability “could allow an unprivileged regular user [to] access or modify system files or other files critical to the application.” Successful exploitation could lead to code execution, denial of service, privilege escalation, information disclosure or data tampering, the advisory said.

Another critical bug (CVE-2022-34671), which also affects the Windows product and received a CVSS score of 8.5, exists in the user mode layer of the GPU display driver. According to Nvidia, this could allow an unprivileged user to cause an out-of-bounds write, which could also lead to code execution, denial of service, privilege escalation, information disclosure, or data tampering.

Four others received 7.8 CVSS scores. They are:

CVE-2022-34672, a vulnerability in the Windows Control Panel that could allow an unauthorized user to gain privileges, read sensitive information and execute commands.

CVE-2022-34670, located in the Linux GPU display driver kernel mode layer handler. “An unprivileged regular user may cause truncation errors when converting a primitive to a smaller-sized primitive, resulting in data being lost in the conversion, which may lead to denial of service or information disclosure,” warns das Security Bulletin.

CVE-2022-42260, also in the Linux version of the GPU display driver. This is due to improper retention of permissions in the D-Bus configuration file. An unauthorized user in the guest VM could exploit this flaw on protected D-Bus endpoints, which could lead to code execution, denial of service, privilege escalation, information disclosure or data tampering, the chipmaker said.

Finally, CVE-2022-42261, a flaw in the virtual GPU management software, fails to properly validate an input index, resulting in a buffer overflow, leading to data manipulation, information disclosure, or denial of service.

The 29 bugs described in the security bulletin affect several different Nvidia software products: GeForce, Studio, Nvidia RTX, Quadro, NVS and Tesla running on Windows systems. Plus GeForce, Nvidia RTX, Quadro, NVS and Tesla on Linux-based devices.

Nvidia didn’t immediately respond The registry‘s request if it is aware of these vulnerabilities being exploited in the wild, but we’ll update this story as we learn more. ®

https://www.theregister.com/2022/12/01/nvidia_gpu_driver_bugs/ Nvidia Patches 29 GPU Driver Errors • The Register

Rick Schindler

World Time Todays is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@worldtimetodays.com. The content will be deleted within 24 hours.

Related Articles

Back to top button