Nvidia has released a security update to fix 10 vulnerabilities in its GPU drivers, including four high-severity vulnerabilities and six medium-severity vulnerabilities.<\/p>\n
The four high severity flaws include CVE-2022-28181, CVE-2022-28182, CVE-2022-28183 and CVE-2022-28184.<\/p>\n
CVE-2022-28181 (CVSS v3 score: 8.5) is an out-of-bounds bug caused by a specially crafted shader sent over the network. If exploited, this bug can lead to code execution, denial of service, privilege escalation, disclosure of information, and data manipulation.<\/p>\n
CVE-2022-28182 (CVSS v3 score: 8.5) is a bug in the DirectX11 user mode driver. This bug allows an unauthorized attacker to send a specially crafted shader over the network. It may also cause a denial of service, privilege escalation, information disclosure, and data manipulation.<\/p>\n
CVE-2022-28183 (CVSS v3 score: 7.7) is a bug found in the kernel mode layer. It allows an unprivileged regulator to initiate an unrestricted read that may lead to denial of service and disclosure of information.<\/p>\n
CVE-2022-28184 (CVSS v3 score: 7.7) is a vulnerability in the kernel mode layer that allows a regular unprivileged user to access administrator-privileged registers, resulting in denial of service, disclosure of information, and data manipulation.<\/p>\n
The vulnerabilities require low privileges and no user interaction, so they can be embedded in malware. This allows the attacker to execute commands with higher privileges.<\/p>\n
The updates have been provided for Tesla, RTX\/Quadro, NVS, Studio, and GeForce software products covering driver branches R450, R470, and R510.<\/p>\n