NVIDIA has released graphics driver updates to fix various vulnerabilities, including four CVEs with a “high severity” rating. CVE202228181 and CVE202228182 (CVSS score of 8.5) are the most serious of these flaws, according to NVIDIA, and might result in “code execution, denial of service, escalation of privileges, information leakage, and data tampering.”
An “unauthorised attacker on the network” may use both security flaws to perform “an out-of-bounds write through a specially written shader.” While CVE202228181 affects both the Windows and Linux versions of NVIDIA’s GPU display drivers, the firm claims that CVE202228182 affects the Windows DirectX11 user-mode driver.
Cisco Talos security researchers discovered the flaws, claiming that CVE-202228182 specifies three memory corruption concerns found in NVIDIA D3D10 Driver version 496.76, 30.0.14.9676.
Read More: https://www.securityweek.com/nvidia-patches-code-execution-vulnerabilities-graphics-driver
