This past Friday, Nvidia noted that it had recently discovered several security flaws within its display drivers that needed updating. In a bulletin on its website, the company notes five different issues impacting Windows users running GeForce, Quadro, NVS, or Tesla editions of its cards. The various vulnerabilities could allow attacks to execute foreign code or instigate a denial-of-service attack on your computer.
Not wanting users to lose important data, Nvidia has stressed that everyone update to version 431.60 of its GeForce software (the other cards have their own specific versions). This update was released on July 23, so most of you may already have it installed. If not, it’s as easy as launching the “GeForce Experience” or navigating to Nvidia’s website to grab the update for your card.
The specific exploits are listed below.
- CVE‑2019‑5683: “NVIDIA Windows GPU Display Driver contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.”
- CVE‑2019‑5684: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.”
- CVE‑2019‑5685: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.”
- CVE‑2019‑5686: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.”
- CVE‑2019‑5687: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service.”
Have you been affected by this at all? Let us know, and make sure to update your Nvidia drivers!
