Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.

NVIDIA graphics drivers are software for NVIDIA Graphics GPU cards that are installed on PCs. The D3D10 driver communicates between the operating system and the GPU. It’s required in most cases for the PC to function properly.

An attacker could exploit these vulnerabilities by sending the target a specially crafted executable or shader file.

These issues could also allow an adversary to perform a guest-to-host escape if they target a guest machine running virtualization environments. We specifically tested these issues with a HYPER-V guest using the RemoteFX feature, leading to the execution of vulnerable code on the HYPER-V host.

For more information on these issues, check out their advisories linked below:

• TALOS-2021-1435 (CVE-2022-28181)
• TALOS-2021-1436 (CVE-2022-28182)
• TALOS-2021-1437 (CVE-2022-28182)
• TALOS-2021-1438 (CVE-2022-28182)

Cisco Talos worked with NVIDIA to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: NVIDIA D3D10 driver 496.76, version 30.0.14.9676. Talos tested and confirmed this driver could be exploited by these vulnerabilities.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 58880 - 58883, 58885, 58886, 58910 and 58911. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.