BleepingComputer reports that Nvidia has unveiled security patches to address 10 security vulnerabilities impacting Tesla, RTX/Quadro, NVS, Studio, and GeForce driver branches R450, R470, and R510, as well as the GTX 600 and GTX 700 Kepler-series cards, which have reached end-of-life last October.
Four of the flaws including an out-of-bounds write bug in the kernel mode layer, tracked as CVE-2022-28181; a DirectX11 user mode driver vulnerability, tracked as CVE-2022-28182; a kernel mode layer flaw prompting out-of-bounds read, tracked as CVE-2022-28183; and a kernel mode layer bug for DxgkDdiEscape, tracked as CVE-2022-28184 have been given a high-severity designation, while the six others were of medium severity.
Threat actors could exploit CVE-2022-28181 to corrupt memory, according to Cisco Talos researchers, who also identified CVE-2022-28182.
"A specially-crafted executable/shader file can lead to memory corruption. [CVE-2022-28181] potentially could be triggered from guest machines running virtualization environments (i.e. VMware, qemu, VirtualBox etc.) in order to perform guest-to-host escape. Theoretically this vulnerability could be also triggered from web browser using webGL and webassembly," said Cisco Talos.