[!] NVIDIA releases GPU driver update to fix 29 security flaws

MarsM4N · Dec 2, 2022

NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation. The latest security update addresses 25 vulnerabilities on the Windows and Linux GPU drivers, while seven flaws are categorized as high-severity.

The two most critical vulnerabilities are:

CVE-2022-34669 (CVSS v3.1: 8.8) – Locally exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to access or modify files critical to the application, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.
CVE-2022-34671 (CVSS v3.1: 8.5) – Remotely exploited user mode flaw in the Windows GPU driver allowing an unprivileged regular user to cause an out-of-bounds write, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service.

NVIDIA releases GPU driver update to fix 29 security flaws

NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.

www.bleepingcomputer.com

Members of "Team Green" better update their drivers ASAP! :shadedshu:

Solaris17 · Dec 2, 2022

MarsM4N said:

MarsM4N said:
high-severity flaw

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

wolf · Dec 2, 2022

MarsM4N said:
Members of "Team Green" better update their drivers ASAP!

Unless you have a compelling reason to be on older drivers, users from either "Team" should be updating their drivers. Certainly seems like "Team Red" has their fair share.

Side note, I think this Team thing is ultra dumb.

MarsM4N · Dec 2, 2022

wolf said:
Unless you have a compelling reason to be on older drivers, users from either "Team" should be updating their drivers. Certainly seems like "Team Red" has their fair share.

Side note, I think this Team thing is ultra dumb.

Was just a heads up for folks to keep their drivers up to date.

And the "Team Green" was just a side kick for the "Nvidia has superior drivers" users.

thesmokingman · Dec 2, 2022

It's lame that there is no universal safe zone anymore, nothing sacred. Hackers now going after gamers and our hardware.

eidairaman1 · Dec 2, 2022

wolf said:
Unless you have a compelling reason to be on older drivers, users from either "Team" should be updating their drivers. Certainly seems like "Team Red" has their fair share.

Side note, I think this Team thing is ultra dumb.

Even when the latest drivers cause problems?

Idts

claes · Dec 2, 2022

Why are you so mean on a tech forum lol

wolf · Dec 2, 2022

eidairaman1 said:
Even when the latest drivers cause problems?

I think this was adequately covered by my comment.

wolf said:
Unless you have a compelling reason to be on older drivers, users from either "Team" should be updating their drivers.

There certainly are compelling reasons not to, but those will vary wildly from user to user.

Frick · Dec 2, 2022

wolf said:
Unless you have a compelling reason to be on older drivers, users from either "Team" should be updating their drivers. Certainly seems like "Team Red" has their fair share.

Side note, I think this Team thing is ultra dumb.

I do the opposite: I only ever update drivers if I have to.

birdie · Dec 2, 2022

So much fear-mongering it's almost stultifying.

All GPU vendors constantly release security updates for their drivers, that includes not only NVIDIA but AMD, Intel, Google, Qualcomm or even Apple.
Almost all these vulnerabilities are near impossible to exploit remotely because at the very least they require you to run WebGL which not that many websites do. And to be honest I don't remember any GPU vulnerabilities over the past decade if ever which have been exploited by using WebGL.
Those deemed critical in terms of running code locally require you to basically download and intentionally run malware. If you have any half-decent Windows antivirus those will be stopped right away. Even Windows Defender will prevent such malware from running. It's a lot easier to just email you basic malware which will install itself into any of five dozen Autorun locations in Windows and not bother with getting Administrator privileges which are redundant for absolute home users out there 'cause you have all your passwords stored in your user account anyways.

claes · Dec 2, 2022

More, vulnerabilities are typically found by the developers themselves or reported before they’re exploited. Most security vulnerabilities aren’t “out in the world” before they’re patched.

R-T-B · Dec 2, 2022

thesmokingman said:
It's lame that there is no universal safe zone anymore, nothing sacred. Hackers now going after gamers and our hardware.

Hackers have always been after whatever is available. You were always a target since day 1.

birdie said:
So much fear-mongering it's almost stultifying.

All GPU vendors constantly release security updates for their drivers, that includes not only NVIDIA but AMD, Intel, Google, Qualcomm or even Apple.

Almost all these vulnerabilities are near impossible to exploit remotely because at the very least they require you to run WebGL which not that many websites do. And to be honest I don't remember any GPU vulnerabilities over the past decade if ever which have been exploited by using WebGL.

Those deemed critical in terms of running code locally require you to basically download and intentionally run malware. If you have any half-decent Windows antivirus those will be stopped right away. Even Windows Defender will prevent such malware from running. It's a lot easier to just email you basic malware which will install itself into any of five dozen Autorun locations in Windows and not bother with getting Administrator privileges which are redundant for absolute home users out there 'cause you have all your passwords stored in your user account anyways.

Also, this. Storm in a friggin teacup. Your more likely to get a virus from gmod lua scripts. If you don't depend on user-admin isolation to function, don't fret this.

System Name	✨ Lenovo M700 [Tiny]
Cooling	⚠️ 78,08% N² ⌬ 20,95% O² ⌬ 0,93% Ar ⌬ 0,04% CO²
Audio Device(s)	◐◑ AKG K702 ⌬ FiiO E10K Olympus 2
Mouse	✌️ Corsair M65 RGB Elite [Black] ⌬ Endgame Gear MPC-890 Cordura
Keyboard	⌨ Turtle Beach Impact 500

System Name	Rocinante
Processor	I9 14900KS
Motherboard	EVGA z690 Dark KINGPIN (modded BIOS)
Cooling	EK-AIO Elite 360 D-RGB
Memory	64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s)	MSI SUPRIM Liquid X 4090
Storage	1x 500GB 980 Pro \| 1x 1TB 980 Pro \| 1x 8TB Corsair MP400
Display(s)	Odyssey OLED G9 G95SC
Case	Lian Li o11 Evo Dynamic White
Audio Device(s)	Moondrop S8's on Schiit Hel 2e
Power Supply	Bequiet! Power Pro 12 1500w
Mouse	Lamzu Atlantis mini (White)
Keyboard	Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD	Quest 3
Software	Windows 11
Benchmark Scores	I dont have time for that.

System Name	MightyX
Processor	Ryzen 5800X3D
Motherboard	Gigabyte X570 I Aorus Pro WiFi
Cooling	Scythe Fuma 2
Memory	32GB DDR4 3600 CL16
Video Card(s)	Asus TUF RTX3080 Deshrouded
Storage	WD Black SN850X 2TB
Display(s)	LG 42C2 4K OLED
Case	Coolermaster NR200P
Audio Device(s)	LG SN5Y / Focal Clear
Power Supply	Corsair SF750 Platinum
Mouse	Corsair Dark Core RBG Pro SE
Keyboard	Glorious GMMK Compact w/pudding
VR HMD	Meta Quest 3
Software	case populated with Artic P12's
Benchmark Scores	4k120 OLED Gsync bliss

System Name	✨ Lenovo M700 [Tiny]
Cooling	⚠️ 78,08% N² ⌬ 20,95% O² ⌬ 0,93% Ar ⌬ 0,04% CO²
Audio Device(s)	◐◑ AKG K702 ⌬ FiiO E10K Olympus 2
Mouse	✌️ Corsair M65 RGB Elite [Black] ⌬ Endgame Gear MPC-890 Cordura
Keyboard	⌨ Turtle Beach Impact 500

Processor	AMD 5900x
Motherboard	Asus x570 Strix-E
Cooling	Hardware Labs
Memory	G.Skill 4000c17 2x16gb
Video Card(s)	RTX 3090
Storage	Sabrent
Display(s)	Samsung G9
Case	Phanteks 719
Audio Device(s)	Fiio K5 Pro
Power Supply	EVGA 1000 P2
Mouse	Logitech G600
Keyboard	Corsair K95

[!] NVIDIA releases GPU driver update to fix 29 security flaws

MarsM4N

NVIDIA releases GPU driver update to fix 29 security flaws

Solaris17

Super Dainty Moderator

wolf

Performance Enthusiast

MarsM4N

thesmokingman

eidairaman1

The Exiled Airman

claes

wolf

Performance Enthusiast

Frick

Fishfaced Nincompoop

birdie

claes

R-T-B

System Name	PCGOD
Processor	AMD FX 8350@ 5.0GHz
Motherboard	Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling	Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory	16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s)	AMD Radeon 290 Sapphire Vapor-X
Storage	Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s)	NEC Multisync LCD 1700V (Display Port Adapter)
Case	AeroCool Xpredator Evil Blue Edition
Audio Device(s)	Creative Labs Sound Blaster ZxR
Power Supply	Seasonic 1250 XM2 Series (XP3)
Mouse	Roccat Kone XTD
Keyboard	Roccat Ryos MK Pro
Software	Windows 7 Pro 64

System Name	boomer--->zoomer not your typical millenial build
Processor	i5-760 @ 3.8ghz + turbo ~goes wayyyyyyyyy fast cuz turboooooz~
Motherboard	P55-GD80 ~best motherboard ever designed~
Cooling	NH-D15 ~double stack thot twerk all day~
Memory	16GB Crucial Ballistix LP ~memory gone AWOL~
Video Card(s)	MSI GTX 970 ~~GOLDEN EDITION~~ RAWRRRRRR
Storage	500GB Samsung 850 Evo (OS X, *nix), 128GB Samsung 840 Pro (W10 Pro), 1TB SpinPoint F3 ~best in class
Display(s)	ASUS VW246H ~best 24" you've seen FULL HD 1O80PP SLAPS~
Case	FT02-W ~the W stands for white but it's brushed aluminum except for the disgusting ODD bays; cries
Audio Device(s)	A LOT
Power Supply	850W EVGA SuperNova G2 ~hot fire like champagne~
Mouse	CM Spawn ~cmcz R c00l seth mcfarlane darawss~
Keyboard	CM QF Rapid - Browns ~fastrrr kees for fstr teens~
Software	integrated into the chassis
Benchmark Scores	9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999

System Name	Black MC in Tokyo
Processor	Ryzen 5 5600
Motherboard	Asrock B450M-HDV
Cooling	Be Quiet! Pure Rock 2
Memory	2 x 16GB Kingston Fury 3400mhz
Video Card(s)	XFX 6950XT Speedster MERC 319
Storage	Kingston A400 240GB \| WD Black SN750 2TB \|WD Blue 1TB x 2 \| Toshiba P300 2TB \| Seagate Expansion 8TB
Display(s)	Samsung U32J590U 4K + BenQ GL2450HT 1080p
Case	Fractal Design Define R4
Audio Device(s)	Line6 UX1 + some headphones, Nektar SE61 keyboard
Power Supply	Corsair RM850x v3
Mouse	Logitech G602
Keyboard	Cherry MX Board 1.0 TKL Brown
VR HMD	Acer Mixed Reality Headset
Software	Windows 10 Pro
Benchmark Scores	Rimworld 4K ready!

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches
Software	Windows 11 Enterprise (legit), Gentoo Linux x64