Nvidia Patches High-Risk Flaws In Windows Display Drivers

Nvidia has fixed bugs in its Windows drivers that could allow local code execution, denial of service, or escalation of privileges attacks.

Three of the issues ranked as high-severity flaws, with another two given medium-severity ratings.

All five of the bugs require local access to exploit and attacks cannot be carried out remotely.

Nevertheless, Nvidia urged users to downlaod updated drivers for GeForce, Quadro, NVS, and Tesla display drivers right away from its website or from system makers.

High risk

The most severe bug, given a ranking of 8.8 out of 10, could allow an attacker to execute malicious code, temporarily render a system unusable or acquire escalated security privileges. The bug, CVE‑2019‑5683, affects the video driver’s trace logger component.

“When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks,” Nvidia said in an advisory.

The other two high-risk flaws, CVE‑2019‑5684 and CVE‑2019‑5685, affect DirectX drivers and could be exploited by specially crafted shaders to cause an out of bounds access and lead to denial of service or code execution.

Denial of service

Both were discovered by Cisco Talos’ Piotr Bana.

Nvidia also warned of two medium-risk bugs, CVE‑2019‑5686 and CVE‑2019‑5687, both affecting the kernel mode layer.  The former could lead to denial of service while the later could shut down a system or leak information.

Nvidia released the fixes as part of its August 2019 security update.

The GPUs manufactured by Nvidia are mainly associated with graphics, but have increasingly become used for tasks associated with artificial intelligence.