Nvidia Patches Many Vulnerabilities in Windows, Linux Display Drivers

Tracked as CVE‑2022‑42260 (CVSS score of 7.8), the most severe of these impacts a D-Bus configuration file in the vGPU display driver for Linux and could be exploited without authorization to execute code, create a DoS condition, escalate privileges, or leak or tamper with data. The chip maker also announced patches for four high-severity vulnerabilities in the kernel mode layer of its display driver for Linux, which could lead to DoS conditions, information disclosure, or data tampering. The most severe of the security defects is CVE‑2022‑34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or other files that the driver uses.