CVE-2022-34671 An NVIDIA GPU Display Driver has a user mode vulnerability where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, denial of service, or escalated privileges.
This issue is due to a memory corruption vulnerability in the graphics driver. An attacker can inject malicious code into a privileged process, run a targeted attack, or simply gain remote access to a system and use this vulnerability to gain access to critical data and systems. NVIDIA is aware of reports that indicate that the patched driver version can lead to a crash of the system when receiving specially crafted WPA2 Enterprise certification messages from APs. This crash may be exploitable via remote code execution. An attacker can inject malicious code into a privileged process, run a targeted attack, or simply gain remote access to a system and use this vulnerability to gain access to critical data and systems. NVIDIA is aware of reports that indicate that the patched driver version can lead to a crash of the system when receiving specially crafted WPA2 Enterprise certification messages from APs. This crash may be exploitable via remote code execution. All users of the NVIDIA graphics driver should upgrade to version 390.77 as soon as possible. Note that the NVIDIA GPU driver is not installed by default in Microsoft Windows operating systems. Users must install the NVIDIA graphics driver. End users who are administrators or have local access to Windows machines can install the NVIDIA driver. NVIDIA is currently investigating reports that the patched driver version may lead to a crash when receiving valid WPA2 Enterprise certification messages from APs
Timeline
Published on: 12/30/2022 23:15:00 UTC
Last modified on: 01/11/2023 20:17:00 UTC