⚡ TL;DR | Go Straight to the NVIDIA GPU Vulnerabilities Report
NVIDIA released a new security bulletin announcing a software security update for NVIDIA GPU Display Driver. The update addresses 11 vulnerabilities with a CVSS base score between 7.8 and 5.5. These affect Geforce, RTX, Quadro, and Tesla graphics cards and may lead to denial of service, information disclosure, escalation of privileges, code execution, or data tampering.
The 5 most severe vulnerabilities addressed all have a CVSS base score of 7.8. Two of these concern a vulnerability in the kernel mode layer (nvlddmkm.sys) in the NVIDIA GPU Display Driver for Windows, where a local user with basic capabilities can cause an out-of-bounds write (CVE-2022-31610) or read (CVE-2022-31617) respectively. This may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Another severe vulnerability (CVE-2022-31606) is also found in the NVIDIA GPU Display Driver for Windows, this time in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape. Here a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode. This could lead to denial of service, information disclosure, escalation of privileges, or data tampering.
You can find more details on all 11 vulnerabilities listed below.
Update Vulnerable Display Drivers
The bulletin contains a list of all affected display driver versions and the new driver versions that contain a fix. Those are version 473.81 for driver branch R470, 516.94 for branch R515, and 513.46 for branch R510. All prior driver versions are still affected by the listed vulnerabilities. The updated driver version for Driver branch R515 for GeForce on Windows will become available in the week of August 8th. You can download and install the software update through the NVIDIA Driver Downloads page.
Discover Vulnerable Devices
NVIDIA’s security bulletin contains a list of all display driver versions and the new driver versions that contain a fix. We’ve used this information to create a special Lansweeper report that will provide a list of all devices in your environment that are affected by the vulnerabilities. This way you have an actionable list of devices that require a display driver update.
NVIDIA August 2022 CVE Codes & Titles
| CVE ID | Description | Base Score |
| CVE-2022-31606 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. | 7.8 |
| CVE-2022-31607 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. | 7.8 |
| CVE-2022-31608 | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 |
| CVE-2022-31610 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys),where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 7.8 |
| CVE-2022-31617 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys),where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 7.8 |
| CVE-2022-31612 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. | 7.1 |
| CVE-2022-31613 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. | 7.1 |
| CVE-2022-34665 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 6.5 |
| CVE-2022-34666 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 6.5 |
| CVE-2022-31616 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. | 6.1 |
| CVE-2022-31615 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 5.5 |
