CVE-2022-34679

Vulnerability

CVE-2022-34679 is a vulnerability in the NVIDIA GPU Display Driver for Linux, specifically in the kernel mode layer handler. The driver fails to properly handle a return value, leading to a null-pointer dereference. This affects NVIDIA driver branches 470, 515, 525, and 530 prior to versions 470.182.03, 515.105.01, 525.105.17, and 530.41.03, respectively [1].

Exploitation

An attacker with local access to the system can exploit this vulnerability by crafting a specific operation that triggers the unhandled return value in the kernel mode layer handler. No special privileges are required beyond standard user access. The exploitation results in a null-pointer dereference, causing the system to crash.

Impact

Successful exploitation leads to a denial of service (DoS) due to the null-pointer dereference, which causes the kernel to panic or the display driver to crash. The attacker gains no direct ability to escalate privileges or access sensitive data, but the system becomes unavailable.

Mitigation

NVIDIA has released fixed versions: for branch 470, update to version 470.182.03 or later; for branch 515, update to 515.105.01 or later; for branch 525, update to 525.105.17 or later; for branch 530, update to 530.41.03 or later [1]. There is no known workaround; users are advised to apply the updates as soon as possible.