Categories: SecurityWorkspace

Nvidia Patches High-Risk Flaws In Windows Display Drivers

Nvidia has fixed bugs in its Windows drivers that could allow local code execution, denial of service, or escalation of privileges attacks.

Three of the issues ranked as high-severity flaws, with another two given medium-severity ratings.

All five of the bugs require local access to exploit and attacks cannot be carried out remotely.

Nevertheless, Nvidia urged users to downlaod updated drivers for GeForce, Quadro, NVS, and Tesla display drivers right away from its website or from system makers.


High risk

The most severe bug, given a ranking of 8.8 out of 10, could allow an attacker to execute malicious code, temporarily render a system unusable or acquire escalated security privileges. The bug, CVE‑2019‑5683, affects the video driver’s trace logger component.

“When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks,” Nvidia said in an advisory.

The other two high-risk flaws, CVE‑2019‑5684 and CVE‑2019‑5685, affect DirectX drivers and could be exploited by specially crafted shaders to cause an out of bounds access and lead to denial of service or code execution.

Denial of service

Both were discovered by Cisco Talos’ Piotr Bana.

Nvidia also warned of two medium-risk bugs, CVE‑2019‑5686 and CVE‑2019‑5687, both affecting the kernel mode layer.  The former could lead to denial of service while the later could shut down a system or leak information.

Nvidia released the fixes as part of its August 2019 security update.

The GPUs manufactured by Nvidia are mainly associated with graphics, but have increasingly become used for tasks associated with artificial intelligence.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

SpaceX Polaris Dawn Crew Carry Out First Commercial Spacewalk

Billionaire Jared Isaacman and SpaceX’s Sarah Gillis become first non-professional astronauts to carry out risky…

16 hours ago

Government To Classify UK Data Centres As Critical Infrastructure

Data centres in the UK are to designated as Critical National Infrastructure (CNI), alongside energy…

17 hours ago

Irish Watchdog Launches Inquiry Into Google AI Model

Google's protection of EU users' personal data when training its AI model, is under investigation…

18 hours ago

Robot To Retrieve Fuel From Fukushima Nuclear Plant

Two week mission for robot to retrieve sample of melted fuel debris from inside one…

21 hours ago

OpenAI Valued At $150Bn In Funding Talks – Report

More cash required. Latest funding talks with investors reportedly values AI startup OpenAI at $150…

21 hours ago

LUMI – The Most Powerful Supercomputer In Europe

Silicon tours the facilities housing Europe's most powerful supercomputer, and the fifth most powerful supercomputer…

23 hours ago