NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux

NVIDIA released a security update for the NVIDIA GPU Display Driver software to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines.

While all these software flaws require local user access and cannot be exploited remotely, attackers could take advantage of them by remotely planting malicious tools through various means on a system running a vulnerable NVIDIA GPU Display Driver.

The issues come with CVSS V3 base scores ranging from 2.2 to 8.8, with five of them having received an 8.8 risk assessment from NVIDIA (all of them impacting the NVIDIA Windows GPU Display Driver), while the 2.2 base score was assigned to the only flaw affecting both Windows and Linux machines.

Systems running unpatched NVIDIA graphics drivers exposed

By triggering the flaws that lead to denial of service, potential attackers can render vulnerable machines unusable, while the unpatched code execution vulnerabilities let them run commands or code on the compromised machine.

Would-be attackers can also collect valuable information about systems running an outdated version of NVIDIA GPU Display Driver by exploiting the issues that lead to information disclosure.

On the other hand, escalation of privileges CVEs make it possible for attackers to elevate their privileges, gaining permissions beyond the ones initially granted by the system.

The software flaws fixed by NVIDIA in their February 2019 security update are listed below, together with a full description and the CVSS V3 Base Score assigned to each of them.

| CVE | Description | CVSS V3 Base Score |
|---|---|---|
| CVE-2019-5665 | NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges. | 8.8 |
| CVE-2019-5666 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges. | 8.8 |
| CVE-2019-5667 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges. | 8.8 |
| CVE-2019-5668 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges. | 8.8 |
| CVE-2019-5669 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service or escalation of privileges. | 8.8 |
| CVE-2019-5670 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service, escalation of privileges, code execution or information disclosure. | 7.8 |
| CVE-2019-5671 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of service. | 6.5 |
| CVE-2018-6260 | NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This vulnerability is not a network or remote attack vector. | 2.2 |

According to NVIDIA:

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

The NVIDIA GPU Display Driver – February 2019 security bulletin also contains the full list of software products affected by the security issues patched by NVIDIA in their February 2019 Security Update.

All users are advised to update their drivers as soon as possible by applying the security update available on the NVIDIA Driver Downloads page.

While installing the software update is enough to fix the security issues in the table above, there is one exception, the cross-platform issue tracked as CVE-2018-6260 which requires some extra steps:

  • Windows Graphics Driver: Refer to the Developer->Manage GPU Performance Counters section of the NVIDIA Control Panel Help for the additional steps required. If you are an enterprise customer, refer to the instructions in the Product Release Notes.
  • Linux Graphics Driver: Refer to the Restricting Access to GPU Performance Counters section of the Linux driver Readme.
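
For Linux hosts, the extra step for CVE-2018-6260 can be audited with a short script. This is an added example, not taken from the NVIDIA bulletin or from the article. It assumes the driver Readme's NVreg_RestrictProfilingToAdminUsers module option, the RmProfilingAdminOnly key in /proc/driver/nvidia/params, and a kernel module named nvidia; none of these names appear on this page.

```sh
#!/bin/sh
# Added example: audit the Linux-side mitigation for CVE-2018-6260.
# Assumed names (not on the page): NVreg_RestrictProfilingToAdminUsers module
# option, RmProfilingAdminOnly in /proc/driver/nvidia/params, module "nvidia".

# Live state of the loaded driver: restricted | unrestricted | unknown
counters_state() {
    params=${1:-/proc/driver/nvidia/params}
    [ -r "$params" ] || { echo unknown; return 0; }   # driver not loaded
    val=$(awk '$1 == "RmProfilingAdminOnly:" { print $2; exit }' "$params")
    case "$val" in
        1) echo restricted ;;
        0) echo unrestricted ;;
        *) echo unknown ;;   # key missing or unexpected value
    esac
}

# Boot-time setting: last value found in DIR/*.conf, or "unset"
persistent_setting() {
    dir=${1:-/etc/modprobe.d}
    { cat "$dir"/*.conf 2>/dev/null || true; } |
    awk -v mod=nvidia '
        $1 == "options" && $2 == mod {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^NVreg_RestrictProfilingToAdminUsers=/) {
                    split($i, kv, "="); v = kv[2]
                }
        }
        END { print (v == "" ? "unset" : v) }'
}

# Verdict combining the running driver with the configuration on disk
audit() {
    live=$(counters_state "$1")
    boot=$(persistent_setting "$2")
    case "$live:$boot" in
        restricted:1)   echo OK ;;             # enforced now and after reboot
        restricted:*)   echo NOT_PERSISTENT ;; # no setting in the scanned dir
        unrestricted:1) echo RELOAD_NEEDED ;;  # configured, module not reloaded
        unrestricted:*) echo EXPOSED ;;        # counters open to all local users
        *)              echo UNKNOWN ;;
    esac
}
```

Called with no arguments, `audit` reads the live system paths. Distributions that package the module under another name or keep module options outside /etc/modprobe.d need `mod` and the directory adjusted.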
