Nvidia’s November 2022 display driver updates patch 29 vulnerabilities impacting Windows and Linux products, including ten high-severity issues.
The most serious security flaw is CVE-2022-34669 (CVSS 8.8), a problem in Nvidia’s Windows driver’s user mode layer that could be used by an unprivileged attacker to gain access to or modify system files or other files the driver uses. According to Nvidia, a successful exploit of the flaw could give the assailant access to restricted data, the ability to modify data, escalate privileges, and the ability to execute arbitrary code. The Windows driver also contains CVE-2022-34671, an out-of-bounds write vulnerability with a CVSS score of 8.5 that has the potential to cause similar consequences.
A flaw in the Nvidia Control Panel for Windows could give an unauthorized attacker access to sensitive information, elevate their privileges, or run commands.