Security
Headlines
HeadlinesLatestCVEs

Headline

Three vulnerabilities in NVIDIA graphics driver could cause memory corruption

The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.

TALOS
#vulnerability#web#mac#microsoft#cisco#intel#vmware

Wednesday, August 23, 2023 12:08

Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post.

Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIA’s graphics cards.

The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.

All three issues, identified as TALOS-2023-1719 (CVE-2022-34671), TALOS-2023-1720 (CVE-2022-34671) and TALOS-2023-1721 (CVE-2022-34671), have a CVSS severity rating of 8.5 out of 10.

An attacker could exploit these vulnerabilities from guest machines running virtualization environments (such as VMware, QEMU and VirtualBox) to perform a guest-to-host escape, as we’ve illustrated with previous vulnerabilities in NVIDIA graphics drivers.

Talos’ research also indicates that these vulnerabilities could be triggered from a web browser using WebGL and WebAssembly. Our researchers triggered these issues from a HYPER-V guest using the RemoteFX feature, leading to the execution of vulnerable code on the HYPER-V host (inside the rdvgm.exe process). Microsoft recently deprecated RemoteFX, but older machines may still use this software.

Talos worked with NVIDIA to ensure these vulnerabilities are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

For Snort coverage (SIDs 61386, 61387, 61398, 61399, 61410 and 61411) that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Related news

CVE-2023-25517: NVIDIA Support

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

Piotr Bania of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver. NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to communicate between the operating system and the GPU device. This

TALOS: Latest News

New PXA Stealer targets government and education sectors for sensitive information