HardwareNews

Nvidia Patches five critical vulnerabilities rated on the base points from 5.2 to 8.8.

Nvidia has patched five vulnerabilities which affected the display drivers of Windows 7 through 10 across platforms like GeForce, Quadro, NVS, and Tesla GPU. The vulnerabilities had a high risk of denial service, escalation of privileges and local code execution if left unpatched. 

It can be sourced to the player’s interest in updating the graphics card without ensuring that the drive is up to date. The report came out with the Friday bulletin of Nvidia, officially announcing the threats and their patches.

The Vulnerabilities were :

  •  CVE‑2019‑5683: “NVIDIA Windows GPU Display Driver contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.” BASE SCORE: 8.8
  • CVE‑2019‑5684: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.” BASE SCORE 7.8
  • CVE‑2019‑5685: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.” BASE SCORE-7.8
  • CVE‑2019‑5686: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.” BASE SCORE: 5.6
  • CVE‑2019‑5687: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service.” BASE SCORE 5.2

In the acknowledgment section, Nvidia mentioned that:

NVIDIA thanks Piotr Bania of Cisco Talos for reporting the following issues:

  • CVE-2019-5684
  • CVE-2019-5685”

For help regarding manually updating the GeForce Driver, refer to the post by LifeHacker. Ultimately it becomes important to discuss how crucial has security as a matter of luxury and rare fate has turned out to be in this generation.

Tags

Joseph Wright

Joseph is based out of California, writes about the tech industry and things happening inside the tech startups. He likes to play Games on his consoles.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close
Close