NVIDIA GPU Display Driver Needs Patching after Disclosure of 8 Issues
NEWS

NVIDIA GPU Display Driver Needs Patching after Disclosure of 8 Issues

Eight security issues were discovered (and patched) in the NVIDIA GPU Display Driver software, with one of the vulnerabilities affecting both Linux and Windows systems. The vulnerabilities could lead to code execution, escalation of privileges, denial of service attacks, and information disclosure.




Even though the vulnerabilities require local access, hackers can still exploit them with the help of malicious software installed on a system running the vulnerable driver. The vulnerabilities in question are CVE 2019 5665, CVE 2019 5666, CVE 2019 5667, CVE 2019 5668, CVE 2019 5669, CVE 2019 5670, CVE 2019 5671, CVE 2018 6260.

The first five vulnerabilities were given 8.8 base score, and the other three – 7.8, 6.5, and 2.2. The lowest score is given to CVE 2018 6260, the only vulnerability affecting both Linux and Windows.

It should be noted that “the NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation”.

NVIDIA GPU Display Driver Vulnerabilities: Technical Details

CVE-2019-5665 is a vulnerability residing in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This can lead to

Computer hackers have devised a new way to infect target hosts by using malicious Windows 10 shortcuts, read about it in our article to learn more
code execution, denial of service or escalation of privileges on unpatched systems.

CVE-2019-5666 is a vulnerability located in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext. The exploit of this flaw may lead to denial of service or escalation of privileges, as described in the official advisory.

Related:
Critical vulnerabilities are often leveraged in attack scenarios, varying from denial-of-service to malware infiltration cases. A serious vulnerability was recently patched, the kind that would allow attackers to carry out denial-of-service attacks via the Berkeley Internet Name Domain (BIND) exploits....Read more
BIND Vulnerability CVE-2016-2776 Could Cause DoS Attacks

CVE-2019-5667 is a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable. Its exploit could lead to code execution, denial of service or escalation of privileges.

CVE-2019-5668 is also a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, this time for DxgkDdiSubmitCommandVirtual. Its exploit may lead to denial of service or escalation of privileges.

CVE-2019-5669 is a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer. However, it uses an incorrect length value that causes it to access memory outside of the bounds of the buffer. This behavior may lead to denial of service or escalation of privileges.

CVE-2019-5670 is a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory outside of the bounds of the buffer. This behavior may lead to denial of service, escalation of privileges, code execution or information disclosure.

CVE-2019-5671 is a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the software does not release a resource after its effective lifetime has ended, potentially leading to denial of service.

CVE-2018-6260 is a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. The exploit requires local user access, with the flaw not being a network or remote attack vector.

Affected systems should be patched immediately by downloading and installing the software update through NVIDIA Driver Downloads.

To protect your system, download and install this software update through NVIDIA Driver Downloads.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...