NVIDIA Fixes Ten Vulnerabilities in Windows GPU Display Drivers


NVIDIA has released a security update for a wide range of graphics card models, to address four high-risk and six medium-risk vulnerabilities in its GPU drivers.

The security update fixes vulnerabilities that can lead to denial of service, information disclosure, elevation of privileges, code execution, etc.

Updates were made available for Tesla, RTX/Quadro, NVS, Studio, and GeForce software products, which cover the R450, R470, and R510 driver branches.

[Figure: CVEs fixed for each driver branch (NVIDIA)]

Interestingly, apart from the current and recent product lines being actively supported, NVIDIA’s latest release also covers the GTX 600 and GTX 700 Kepler-series cards, whose support ended in October 2021.

The GPU maker had previously promised to continue providing critical security updates for these products through September 2024, and this driver update delivers on that promise.

The four high-severity flaws that were fixed this month are:

  • CVE-2022-28181 (CVSS v3 score: 8.5) – A memory overwrite in the kernel mode layer caused by a specially crafted shader sent over the network, which can lead to code execution, denial of service, privilege escalation, information disclosure, and data manipulation.
  • CVE-2022-28182 (CVSS v3 score: 8.5) – A flaw in the DirectX11 user mode driver that allows an unauthorized attacker to send a specially crafted shader over the network and cause denial of service, privilege escalation, information disclosure, and data manipulation.
  • CVE-2022-28183 (CVSS v3 score: 7.7) – A vulnerability in the kernel mode layer, where a normal non-privileged user could cause an out-of-bounds read, which could lead to denial of service and information disclosure.
  • CVE-2022-28184 (CVSS v3 score: 7.1) – A vulnerability in the kernel mode layer handler (nvlddmkm.sys) for DxgkDdiEscape, in which a normal non-privileged user could access administrator privilege records, which could lead to denial of service, information disclosure, and data manipulation.

These vulnerabilities require low privileges and no user interaction, so they can be embedded in malware, allowing attackers to execute commands with higher privileges.

The first two flaws can be exploited over the network, while the other two require local access, which could still be useful to malware that has infected a system with low privileges.

Cisco Talos, which discovered CVE-2022-28181 and CVE-2022-28182, also published a post today detailing how they triggered the memory corruption flaws by supplying malformed compute shaders.

Because malicious shaders can be delivered through a browser via WebAssembly and WebGL, Talos warns that threat actors may be able to trigger this remotely.

“A specially designed executable / shader can corrupt memory. This vulnerability could potentially be triggered from guest machines running virtualized environments (e.g. VMware, qemu, VirtualBox, etc.) in order to perform guest-to-host escapes. Theoretically this vulnerability can also be triggered from a web browser using webGL and webassembly,” Talos explains regarding CVE-2022-28181.

For more details on all the fixes and every software and hardware product covered this month, check out the NVIDIA security bulletin.

All users are advised to apply the released security updates as soon as possible. Users can download the latest driver for their GPU model from the NVIDIA download center, where they can select the specific product and operating system they are using.

Updates can also be applied through the NVIDIA GeForce Experience suite.

However, if you do not specifically need the software to save game profiles or use its streaming features, we recommend that you do not use it as it presents unnecessary security and resource usage risks.
