Eight security issues were discovered (and patched) in the NVIDIA GPU Display Driver software, with one of the vulnerabilities affecting both Linux and Windows systems. The vulnerabilities could lead to code execution, escalation of privileges, denial of service attacks, and information disclosure.
Even though the vulnerabilities require local access, hackers can still exploit them with the help of malicious software installed on a system running the vulnerable driver. The vulnerabilities in question are CVE-2019-5665, CVE-2019-5666, CVE-2019-5667, CVE-2019-5668, CVE-2019-5669, CVE-2019-5670, CVE-2019-5671, and CVE-2018-6260.
The first five vulnerabilities were given a base score of 8.8, and the other three were given 7.8, 6.5, and 2.2. The lowest score was given to CVE-2018-6260, the only vulnerability affecting both Linux and Windows.
It should be noted that “the NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation”.
NVIDIA GPU Display Driver Vulnerabilities: Technical Details
CVE-2019-5665 is a vulnerability residing in the 3D Vision component in which the stereo service software, when opening a file, does not check for hard links. This can lead to code execution, denial of service or escalation of privileges on unpatched systems.
CVE-2019-5666 is a vulnerability located in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext. Exploiting this flaw may lead to denial of service or escalation of privileges, as described in the official advisory.
CVE-2019-5667 is a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable. Exploiting it could lead to code execution, denial of service or escalation of privileges.
CVE-2019-5668 is also a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, this time for DxgkDdiSubmitCommandVirtual. Exploiting it may lead to denial of service or escalation of privileges.
CVE-2019-5669 is a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer. However, it uses an incorrect length value that causes it to access memory outside of the bounds of the buffer. This behavior may lead to denial of service or escalation of privileges.
CVE-2019-5670 is a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory outside of the bounds of the buffer. This behavior may lead to denial of service, escalation of privileges, code execution or information disclosure.
CVE-2019-5671 is a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the software does not release a resource after its effective lifetime has ended, potentially leading to denial of service.
CVE-2018-6260 is a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Exploitation requires local user access; the flaw is not a network or remote attack vector.
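The check that CVE-2019-5665 describes as missing (verifying that a file being opened has no additional hard links) can be sketched as follows. This is an added example, not NVIDIA's code and not part of the original article; it is a POSIX analogue of the Windows case (where the link count is available as nNumberOfLinks from GetFileInformationByHandle), and the function names, file names and temp directory are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only, but only if it is a regular file with exactly one
 * name. The checks use fstat() on the open descriptor, so the object that is
 * checked is the object that gets used (no check-then-open race). */
int open_single_link(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;   /* extra names (hard links) or not a regular file */
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp directory. Returns a bitmask:
 * bit 0 = file with a single name was accepted,
 * bit 1 = same file was rejected once a second hard link existed. */
int run_scenario(void)
{
    char dir[] = "/tmp/hlcheckXXXXXX", file[64], alias[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/settings.dat", dir);
    snprintf(alias, sizeof alias, "%s/alias.dat", dir);

    int result = 0, fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0)
        close(fd);
    if ((fd = open_single_link(file)) >= 0) { result |= 1; close(fd); }
    if (link(file, alias) == 0) {
        if ((fd = open_single_link(alias)) < 0) result |= 2; else close(fd);
    }
    unlink(alias); unlink(file); rmdir(dir);
    return result;
}

int main(void) { return run_scenario() == 3 ? 0 : 1; }
```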
Affected systems should be patched immediately by downloading and installing the software update through NVIDIA Driver Downloads.