Five security vulnerabilities have been found in the NVIDIA GeForce, NVS, Quadro and Tesla GPU display drivers for Windows. Three of the five have a high severity rating and can be used for denial-of-service (DoS) attacks. On systems that are not updated quickly, they may also let an attacker escalate privileges and carry out malware attacks.
A similar incident occurred in May, when three vulnerabilities capable of DoS and privilege escalation were found in NVIDIA GPUs. These were found and patched relatively quickly.
In response to these vulnerabilities, NVIDIA is urging users to download the latest updates through the NVIDIA Driver Homepage. However, the urgency is somewhat tempered by the fact that potential attackers cannot exploit the vulnerabilities remotely and require local user access to run hostile code. They have to rely on user interaction to perform DoS attacks.
These vulnerabilities affect every version of Windows, and the highest-severity vulnerability resides in the user mode video driver trace logger component of the Windows display driver. Another vulnerability resides in the DirectX drivers, where a crafted shader can cause an out-of-bounds access to a temporary array, ultimately leading to code execution.
Here’s what NVIDIA had to say:
“The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation, it is recommended to consult a security or IT professional to evaluate the risk to your specific configuration.”
Updating your drivers as soon as possible is the best solution for now; it will eliminate all levels of risk and thereby maintain the integrity of your system. There are two update packages available, and it's important to download the executable that is compatible with your system. You can check which one you need under the Driver type tab in the System Information of the NVIDIA Control Panel.
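
To confirm which machines still need the update, the script below (an added example, not code from NVIDIA or from this article) lists each NVIDIA adapter with its installed driver release and flags anything older than a fixed release you supply. The function name `ConvertTo-NvidiaVersion` and the parameter `-MinimumFixedVersion` are hypothetical; the article does not give the fixed version, so take it from NVIDIA's security bulletin for your driver branch.

```powershell
# Added example: flag NVIDIA display drivers older than a given fixed release.
param(
    # Fixed release for your driver branch, from NVIDIA's security bulletin.
    # Not stated in the article, so it must be passed in, e.g.
    #   .\Test-NvidiaDriver.ps1 -MinimumFixedVersion '<FIXED_VERSION>'
    [Parameter(Mandatory)]
    [version]$MinimumFixedVersion
)

function ConvertTo-NvidiaVersion {
    # Windows reports the driver as a four-part version such as 26.21.14.3630.
    # The NVIDIA release number is the last five digits of that string with a
    # dot after the third digit: 26.21.14.3630 -> 436.30.
    param([Parameter(Mandatory)][string]$WindowsDriverVersion)

    $digits = $WindowsDriverVersion -replace '\D', ''
    if ($digits.Length -lt 5) { return $null }   # unexpected format

    $tail = $digits.Substring($digits.Length - 5)
    [version]('{0}.{1}' -f $tail.Substring(0, 3), $tail.Substring(3, 2))
}

Get-CimInstance -ClassName Win32_VideoController |
    Where-Object { $_.Name -match 'NVIDIA' } |
    ForEach-Object {
        $release = ConvertTo-NvidiaVersion -WindowsDriverVersion $_.DriverVersion
        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            Adapter        = $_.Name
            WindowsVersion = $_.DriverVersion
            NvidiaRelease  = $release
            # Treat an unparseable version as needing review rather than as safe.
            NeedsUpdate    = ($null -eq $release) -or ($release -lt $MinimumFixedVersion)
        }
    }
```

Because GeForce, Quadro, NVS and Tesla drivers ship on different release branches, run the check once per branch with the fixed version that applies to it.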