SB2022120170 - Multiple vulnerabilities in nVidia GeForce driver for Windows


Published: December 1, 2022 Updated: April 11, 2023

Security Bulletin ID: SB2022120170
Severity: Low
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2022-34683)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape within the NVIDIA GPU Display Driver for Windows. A local user can perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2022-34681)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the NVIDIA GPU Display Driver for Windows (nvlddmkm.sys). A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2022-34678)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the NVIDIA GPU Display Driver for Windows and Linux. A local user can perform a denial of service (DoS) attack.


4) Improper Privilege Management (CVE-ID: CVE-2022-42266)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape within the NVIDIA GPU Display Driver for Windows. A local user can gain access to sensitive information.


5) Improper Privilege Management (CVE-ID: CVE-2022-34672)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management within the NVIDIA Control Panel for Windows. A local user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.


6) Out-of-bounds write (CVE-ID: CVE-2022-34671)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the NVIDIA GPU Display Driver for Windows. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


7) Improper Privilege Management (CVE-ID: CVE-2022-34669)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management within the NVIDIA GPU Display Driver for Windows. A local user can access or modify system files or other files that are critical to the application and escalate privileges on the system.


Remediation

Install the update from the vendor's website.