PRUEBA AHORA
Vulnerability

NVIDIA Fixes 25 GPU Display Driver Vulnerabilities

7 min. read
02/12/2022
By Laura Libeer
Nvidia-Vulnerability_Featured

⚡ TL;DR | Go Straight to the NVIDIA GPU Vulnerabilities Report

NVIDIA released another security bulletin announcing a software security update for NVIDIA GPU Display Driver. The update addresses 25 vulnerabilities with a CVSS base score between 8.8 and 4.4. These affect Geforce, Studio, RTX, Quadro, NVS, and Tesla graphics cards. They may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering. For your organization that could mean severe disruptions in processes and sensitive data being compromised.

CVE-2022-34669 and CVE-2022-34671

The 2 most severe vulnerabilities CVE-2022-34669 and CVE-2022-34671 have CVSS base scores of 8.8 and 8.5 respectively. Both are located in the user mode layer. CVE-2022-34669 could allow an unprivileged regular user to access or modify system files or other files that are critical to the application. CVE-2022-34671 could allow an unprivileged regular user to cause an out-of-bounds write. Both of these vulnerabilities could lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. CVE-2022-34671 has a slightly lower severity rating because its complexity makes it harder to exploit.

Other vulnerabilities addressed in this update, though less severe, still have CVSS scores ranging up to 7.8. You can find the full list below. You can also find more information in NVIDIA’s security bulletin.

Update Vulnerable Display Drivers

NVIDIA’s bulletin contains a list of all affected display driver versions and the new driver versions that contain a fix, both for Windows and for Linux. You can find a copy of the lists below. All prior driver versions are still affected by the listed vulnerabilities. You can download and install the software update through the NVIDIA Driver Downloads page.

NVIDIA GPU Vulnerability updated driver versions Windows

NVIDIA GPU Vulnerability updated driver versions Linux

Discover Vulnerable Devices

Using the list of updated driver versions provided by NVIDIA, our team has created a special Lansweeper report. It will provide a list of all Windows devices in your environment that are affected by the GPU vulnerabilities. This way you have an actionable list of devices that require a display driver update.

NVIDIA December 2022 CVE Codes

CVEDescriptionBase Score
CVE-2022-34669NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.8.8
CVE-2022-34671NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.8.5
CVE-2022-34672NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.7.8
CVE-2022-34670NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.7.8
CVE-2022-42263NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.7.1
CVE-2022-34676NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.7.1
CVE-2022-42264NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.7.1
CVE-2022-34674NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.6.8
CVE-2022-34678NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.6.5
CVE-2022-34679NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.5.5
CVE-2022-34680NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.5.5
CVE-2022-34677NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.5.5
CVE-2022-34681NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service.5.5
CVE-2022-34682NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service5.5
CVE-2022-34683NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a null-pointer dereference occurs, which may lead to denial of service.5.5
CVE-2022-42266NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.5.5
CVE-2022-42257NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.5.3
CVE-2022-42265NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.5.3
CVE-2022-34684NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.5.3
CVE-2022-42254NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.5.3
CVE-2022-42258NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.5.3
CVE-2022-42255NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.5.3
CVE-2022-42256NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.5.3
CVE-20223-4673NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.4.4
CVE-2022-42259NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.4.4