Nvidia fixes high severity flaws in graphics drivers for windows linux

Nvidia fixes high severity flaws in graphics drivers for windows linux
Nvidia fixes high severity flaws in graphics drivers for windows linux

NVIDIA has released solutions for multiple high-severity vulnerabilities in its graphics drivers for Windows and Linux that in some situations could result in code execution. NVIDIA creates graphics processing units (GPUs) for gaming systems, high-end PCs, and portable devices.

The graphics driver also referred to as the NVIDIA GPU Display Driver, is a piece of software that enables the device’s operating system and applications to utilize the graphics hardware that is designed specifically for avid gamers. Serious holes had already been discovered in NVIDIA’s graphics driver, including one that was made public in May that may let attackers run arbitrary code and, in some situations, accomplish guest-to-host escapes on computers that are running virtual machines.

In a security announcement on Tuesday, NVIDIA stated that the update “addresses problems that may lead to denial of service, information exposure, escalation of privileges, code execution, or data manipulation.”

The graphics driver for Windows’ kernel mode layer (nvlddmkm. sys) contains three bugs that have since been fixed by NVIDIA. A flaw in the kernel mode layer handler for the DxgkDdiEscape interface is one of these (CVE-2022-31606). An attacker “with basic user capabilities” could potentially use the interface’s improper data validation to cause out-of-bounds access in kernel mode. According to NVIDIA, this could then result in data tampering, information disclosure, privilege escalation, or denial-of-service attacks.

A local user with minimal privileges is able to “create an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information exposure, or data manipulation” thanks to two more high-severity weaknesses (CVE-2022-31617 and CVE-2022-31610). Updates for the impacted R515, R510, R470, and R450 Windows driver branch versions fix these vulnerabilities.

Two security issues related to the Linux graphics driver are also included in the security update. Improper input validation leads to one bug (CVE-2022-31607) in the kernel mode layer (Nvidia. ko). A local attacker may then be able to carry out a variety of assaults, such as denial of service attacks, privilege escalation, data tampering, and “limited information disclosure.” A second flaw (CVE-2022-31608) occurs in a D-Bus configuration file that is optional. A local user here with minimal capabilities can affect protected

Additionally, NVIDIA provided patches for a number of bugs in their VGPU software, one of which was a vGPU plugin error that permitted a guest VM to allocate resources that the guest is generally not permitted to allocate. NVIDIA claims that taking advantage of this weakness could result in information exposure, denial of service, and loss of data integrity and confidentiality.

Related Posts