Threat Intel Flash: Sisense Data Compromise: ARC Labs Intelligence Flash

Get the Latest
Binary Defense Full Color Logo Dark Markless Binary Defense Full Color Logo Dark Markless Binary Defense Full Color Logo Light Markless Binary Defense Full Color Logo Light Markless

Search

Binary Defense Full Color Logo Dark Markless Binary Defense Full Color Logo Dark Markless Binary Defense Full Color Logo Light Markless Binary Defense Full Color Logo Light Markless

Nvidia Releases Driver Update to Address Security Flaws

Last Modified: Tuesday April 18, 2023

By

Nvidia has disclosed 25 vulnerabilities found across their GPU product lineup. Due to Nvidia’s popularity among multiple different consumer and enterprise product spaces, the potential fallout may be concerning. Among the 25 security flaws are two of high severity. The security bulletin released by Nvidia describes them as follows:

  • CVE-2022-34669 (CVSS v3.1: 8.8) – Locally exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to access or modify files critical to the application, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.
  • CVE-2022-34671 (CVSS v3.1: 8.5) – Remotely exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to cause an out-of-bounds write, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.

Even though CVE-2022-34671 offers the potential for remote code execution, it has received a lower CVSS score due to the complexity of the flaw and the difficulty required to exploit it. While the most useful flaws for threat actors are typically code execution and privilege escalation, the vulnerabilities listed above have a wide range of potential for abuse. At this time, it does not appear that there are any publicly available proof-of-concept exploits that take advantage of these vulnerabilities.

Analyst Notes

Nvidia has not released any detail rich information of the specifics of these security flaws in order to allow users time to update their drivers before proof-of-concept exploitation tools are developed.
Nvidia users can reference Nvidia’s security bulletin to identify their GPU or other product and the appropriate driver version to patch these vulnerabilities here: https://nvidia.custhelp.com/app/answers/detail/a_id/5415
Users can then download the appropriate driver for their device from Nvidia’s download center here: https://www.nvidia.com/download/index.aspx
Users of Nvidia’s GeForce Experience software should also have the update available to them automatically, allowing them to install with ease.

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

You May Also Like

Threat

Apr. 11, 2023

Yum Brands Reports Breach After Ransomware Attack

Yum Brands, the parent company of popular fast-food chains KFC, Pizza Hut, and Taco Bell, has disclosed a data breach after a ransomware attack…

Read More

Threat

Apr. 11, 2023

Apple Releases Emergency Updates For Older iOS Devices After Recent Discovery Of Zero-Day Vulnerabilities

Read More

Threat

Apr. 10, 2023

Various Industries in Israel Dealing with Cyber Issues

Read More