14 DAY TRIAL // NVIDIA has released a new set of security fixes that are aimed at vulnerabilities allowing for, in the company’s own words, denial of service, information disclosure, or data tampering.
But as noted by GHacks, the bigger news is that NVIDIA’s new security updates even targets products that have already been abandoned, including the Kepler-series graphics that are officially out of support.
However, NVIDIA is still rolling out security updates for these products, though on the other hand, no new Game Ready drivers are being rolled out.
The company describes a total of 10 vulnerabilities in its products, affecting both Windows and Linux drivers.
“NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components,” NVIDIA says about the vulnerability documented in CVE-2022-28181.
Patch systems as soon as possible
In the case of Windows systems, NVIDIA also resolved a security vulnerability related to DirectX 11 drivers.
“NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components,” it says.
Needless to say, users are recommended to update their NVIDIA drivers and install these latest security patches as soon as possible, especially given that two vulnerabilities have received a base score of 8.5. In other words, patching them as soon as possible should be a top priority for all devices with NVIDIA drivers.