NVIDIA releases GPU driver update to fix 29 security flaws

Gandalf_The_Grey

NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.

The latest security update addresses 25 vulnerabilities on the Windows and Linux GPU drivers, while seven flaws are categorized as high-severity.

The two most critical vulnerabilities are:
  • CVE-2022-34669 (CVSS v3.1: 8.8) – Locally exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to access or modify files critical to the application, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.
  • CVE-2022-34671 (CVSS v3.1: 8.5) – Remotely exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to cause an out-of-bounds write, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.

CVE-2022-34671 has a lower severity rating despite being vulnerable to network attacks because of its high complexity, making its exploitation less likely.

However, the CVE-2022-34669 flaw is more helpful to hackers and malware developers who already have access to a Windows device and are looking for ways to escalate their privileges or execute code.

GPU and hardware drivers run with elevated privileges on the OS, so exploiting a vulnerability in a driver provides the same high level of privileges to malicious code or commands.

Considering the popularity of NVIDIA products, there's a high chance of finding vulnerable GPU drivers on targeted computers, allowing attackers to exploit these flaws to gain greater privileges and spread further on a network.

NVIDIA Security Bulletin: