PC graphics card manufacturer NVIDIA has reported a new vulnerability within its GPU drivers that, if left unpatched, may even cause a DoS attack. The vulnerability, CVE-2022-34666, can allow a local user with “basic capabilities” to cause a null-pointer to dereference, leading to “denial of service” attacks. The vulnerability impacts Windows and Linux machines and exists within the kernel mode layer.
NVIDIA GPUs are the go-to graphics cards for gamers and typical PC users. These graphics cards provide ample power to render high-quality graphics in video games and support intense image, video, and 3D model rendering. However, since these graphics cards have an optional component — not necessarily required by the processor, it uses some drivers that connect them to the machine.
According to the National Vulnerability Database, the vulnerability offers an opening for a local user, who could launch a Denial-of-Service (DoS) attack. Threat actors do this by flooding the target device with large amounts of incoming traffic or sending information to trigger a crash. The popular attack method can shut down the target machine or network, making it inaccessible to its users and admins.
The NVD has given a severity score of 6.5 medium to the vulnerability, and has given an vector ID of CVSS: 3.1/AV:L/AC:L/PR:L/UI:N?S:C/C:N/I:N/A:H. At the time of writing this, NVIDIA has not released any update to the vulnerability or security patches that could be updated from the website. The gaming company might release an update soon so all the NVIDIA users are requested to keep checking the NVIDIA official website for some updates.
On November 1, 2022, the gaming company revealed one more vulnerability that could impact OpenSSL, and reported that it is working towards analyzing the program running on its systems to ascertain the potential consequences and relevance to its goods and services. NVIDIA is taking the necessary actions to lessen any potential effects and provide the required patches, the company said.