NVIDIA has fixed 25 vulnerabilities in GPU drivers, some of them potentially harmful to systems.
NVIDIA has released a security update for the Windows GPU driver that contains a fix for a dangerous vulnerability that attackers can use to execute code and privilege escalation.
The latest update fixes 25 vulnerabilities in GPU drivers for Windows and Linux, and 7 vulnerabilities have a high severity level.
2 most dangerous vulnerabilities:
CVE-2022-34669 (CVSS v3.1:8.8) is a locally exploited user-mode vulnerability in the Windows GPU driver that could allow an unprivileged user to access or modify files critical to the application, which could lead to arbitrary code execution, privilege escalation, information disclosure , data falsification and denial of service (DoS) conditions.
CVE-2022-34671 (CVSS v3.1:8.5) is a remotely exploited user-mode vulnerability in the Windows GPU driver that could allow an unprivileged user to cause an out-of-bounds write, which could have similar effects.
Given the popularity of NVIDIA products, vulnerable GPU drivers are likely to be found on target computers, allowing attackers to exploit these flaws to gain higher privileges and further spread over the network.
NVIDIA has not yet published detailed technical information about these shortcomings, which gives users enough time to update to the corrected driver versions.
Users are encouraged to apply released security updates by downloading the latest available driver for their GPU model from the NVIDIA Download Center. Updates can also be downloaded and applied automatically through NVIDIA GeForce Experience.