Nvidia has disclosed 25 vulnerabilities across its GPU product lineup. Because Nvidia hardware is widely used in both consumer and enterprise products, the potential fallout may be concerning. Two of the 25 security flaws are rated high severity. The security bulletin released by Nvidia describes them as follows:
- CVE-2022-34669 (CVSS v3.1: 8.8) – Locally exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to access or modify files critical to the application, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.
- CVE-2022-34671 (CVSS v3.1: 8.5) – Remotely exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to cause an out-of-bounds write, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.
Even though CVE-2022-34671 offers the potential for remote code execution, it has received a lower CVSS score due to the complexity of the flaw and the difficulty of exploiting it. While the most useful flaws for threat actors are typically code execution and privilege escalation, the vulnerabilities listed above can be abused in a wide range of ways. At this time, there do not appear to be any publicly available proof-of-concept exploits for these vulnerabilities.