NVIDIA has released an update for its GPU Display Driver to address 29 vulnerabilities which could be exploited to achieve code execution, denial of service, escalation of privileges, information disclosure, or data tampering. The two most serious issues, both of which affect NVIDIA GPU Display Driver for Windows, are “a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application … [and] a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write.”
Note
- The vulnerabilities are on both Linux and Windows systems, so you need to deploy the update to both platforms. The Linux updates address weaknesses in the kernel mode layer of the driver which could be leveraged for DOS, code execution, data tampering or information disclosure.
Read more in