NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that hackers can exploit to perform, among other things, code execution and elevation of privilege .
The latest security update fixes 25 vulnerabilities in Windows and Linux GPU drivers, while seven flaws are rated as very serious.
The two most critical vulnerabilities are:
- CVE-2022-34669 (CVSS v3.1:8.8) – Locally exploited user mode flaw in the Windows GPU driver that allows a regular unprivileged user to access or modify application-critical files, which may lead to code execution , elevation of privilege, information disclosure, data tampering and denial of service.
- CVE-2022-34671 (CVSS v3.1:8.5) – Remotely exploited user mode flaw in the Windows GPU driver that allows a regular unprivileged user to cause out-of-bounds writes, potentially leading to code execution, escalation of privileges, information disclosure, data tampering and denial of service.
CVE-2022-34671 has a lower severity rating despite being vulnerable to network attacks due to its high complexity, making it less likely to be exploited.
However, the CVE-2022-34669 flaw is more useful for hackers and malware developers who already have access to a Windows device and are looking for ways to elevate their privileges or execute code.
GPU and hardware drivers run with elevated privileges on the operating system, so exploiting a vulnerability in a driver provides the same elevated level of privileges to malicious code or commands.
Given the popularity of NVIDIA products, there is a high chance of finding vulnerable GPU drivers on targeted computers, allowing attackers to exploit these flaws to gain greater privileges and spread further across a network.
NVIDIA has yet to release detailed technical details about these flaws, giving users plenty of time to fix them first.
The NVIDIA driver versions that address these vulnerabilities are as follows:
Linux users should check out this GPU driver version table instead:
Check NVIDIA Security Bulletin for details on all 25 fixes and all software and hardware products covered in this month’s update.
It is recommended that users apply security updates released by downloading the latest available version of the driver for their GPU model from NVIDIA Download Centerwhere they can select the specific product and operating system they are using.
Updates can also be retrieved and applied automatically via NVIDIA GeForce experience after.