PRUEBA AHORA
Vulnerability

NVIDIA Fixes 11 GPU Display Driver Vulnerabilities

5 min. read
03/08/2022
By Laura Libeer
Nvidia-Vulnerability_Featured

⚡ TL;DR | Go Straight to the NVIDIA GPU Vulnerabilities Report

NVIDIA released a new security bulletin announcing a software security update for NVIDIA GPU Display Driver. The update addresses 11 vulnerabilities with a CVSS base score between 7.8 and 5.5. These affect Geforce, RTX, Quadro, and Tesla graphics cards and may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.

The 5 most severe vulnerabilities addressed all have a CVSS base score of 7.8. Two of these concern a vulnerability in the kernel mode layer (nvlddmkm.sys) in the NVIDIA GPU Display Driver for Windows, where a local user with basic capabilities can cause an out-of-bounds write (CVE-2022-31610) or read (CVE-2022-31617) respectively. This may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Another severe vulnerability (CVE-2022-31606) is also found in the NVIDIA GPU Display Driver for Windows, this time in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. Here a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode. This could lead to denial of service, information disclosure, escalation of privileges, or data tampering.

You can find more details on all 11 vulnerabilities listed below.

Update Vulnerable Display Drivers

The bulletin contains a list of all affected display driver versions and the new driver versions that contain a fix. Those are version 473.81 for driver branch R470, 516.94 for branch R515, and 513.46 for branch R510. All prior driver versions are still affected by the listed vulnerabilities. The updated driver version for Driver branch R515 for GeForce on Windows will become available in the week of August 8th. You can download and install the software update through the NVIDIA Driver Downloads page.

image

Discover Vulnerable Devices

NVIDIA’s security bulletin contains a list of all display driver versions and the new driver versions that contain a fix. We’ve used this information to create a special Lansweeper report that will provide a list of all devices in your environment that are affected by the vulnerabilities. This way you have an actionable list of devices that require a display driver update.

NVIDIA August 2022 CVE Codes & Titles

CVE IDDescriptionBase Score
CVE-2022-31606NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.7.8
CVE-2022-31607NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.7.8
CVE-2022-31608NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file,
where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
7.8
CVE-2022-31610NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys),
where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
7.8
CVE-2022-31617NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys),
where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
7.8
CVE-2022-31612NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.7.1
CVE-2022-31613NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.7.1
CVE-2022-34665NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.6.5
CVE-2022-34666NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer,
where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
6.5
CVE-2022-31616NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure.6.1
CVE-2022-31615NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.5.5