CVE-2022-34676

Vulnerability

The NVIDIA GPU Display Driver for Linux contains an out-of-bounds read vulnerability in the kernel mode layer (KML) handler. This bug can be triggered by a specially crafted request, allowing an attacker to read memory beyond the intended buffer. The affected versions include all NVIDIA driver branches before the patched releases: 470.x before 470.182.03, 515.x before 515.105.01, 525.x before 525.105.17, and 530.x before 530.41.03 [1]. The vulnerability is reachable under standard operating conditions without special configuration.

Exploitation

To exploit this vulnerability, an attacker requires local access to the system and the ability to issue I/O control calls (ioctls) to the NVIDIA kernel driver. No authentication beyond the local user session is required. The attacker can send a malformed command that triggers the out-of-bounds read, leading to unauthorized memory access [1]. The exact sequence of steps is not disclosed, but the flaw resides in the kernel mode layer handler which processes user-space inputs.

Impact

Successful exploitation results in one or more of the following: denial of service (system crash or hang), information disclosure (leakage of sensitive kernel memory), or data tampering (corruption of memory contents). The attacker gains no privilege escalation explicitly, but the ability to read and corrupt kernel memory could contribute to further compromise. The impact is limited to the affected system [1].

Mitigation

NVIDIA has released fixed versions for all affected driver branches: 470.182.03, 515.105.01, 525.105.17, and 530.41.03. Users should upgrade to these versions or later. Gentoo Linux provides updated ebuilds via the package manager: emerge --sync followed by emerge --oneshot --verbose ">=x11-drivers/nvidia-drivers-:" [1]. There is no known workaround; the only mitigation is to apply the patches.