Nvidia has patched a host of bugs impacting its GPU Display Driver, addressing issues that may have led to “code execution, denial of service, escalation of privileges, information disclosure, or data tampering”.
The security bulletin addressed 29 vulnerabilities in total, ranging widely in severity, which could see hardware such as its flagship GeForce and RTX line of graphics cards, and the NVIDIA Studio platform be used as vulnerable endpoints by cyber criminals.
The latest update comes as Nvidia is still displaying obvious dominance within the GPU world; Nvidia had a very significant 88% of the GPU market in Q3, compared to just 8% for AMD and 4% for Intel according to Jon Peddie Research (JPR).
What were the biggest risks?
The largest issue identified was dubbed CVE‑2022‑34669 and given a rating of 8.8. This contained a vulnerability in the user mode layer, where an unprivileged regular user could access or modify system files or other files that are critical to the application.
Coming in second place with a ranking of 8.5 was CVE‑2022‑34671, another example of a vulnerability in the user mode layer where an unprivileged regular user could cause what’s called an “out-of-bounds write”.
To avoid these types of security issues and protect your system, NVIDIA suggests downloading and installing software updates via the official NVIDIA Driver Downloads (opens in new tab) page.
Or alternatively, for the vGPU software and NVIDIA Cloud Gaming updates, you can head to the NVIDIA Licensing Portal (opens in new tab). (opens in new tab)
Via The Register (opens in new tab)