Five dangerous vulnerabilities fixed in NVIDIA graphics card drivers for Windows

NVIDIA experts found five dangerous vulnerabilities in Windows drivers for the line of GeForce graphics cards (all versions of R430 are under 430.60), Quadro (all versions of R430 are under 431.70, R418 are under 426.00, R390 are under 392.56 and all versions of R400) and Tesla (all versions of R418).

In this latest security disclosure, NVIDIA urges users to download and install the available software updates through the NVIDIA driver download pages.

“All the vulnerabilities” require local user access and cannot be exploited remotely, with potential attackers having to rely on user interaction to execute malicious code designed to exploit one of the fixed bugs on machines with unpatched display drivers”, — reported Bleeping Computer, and this slightly mitigates level of threat.

To exploit vulnerabilities, an attacker needs to have local access to a device with an installed NVIDIA GPU. Vulnerability (CVE-2019-5683) was discovered in the user-mode video trace logger component, the operation of which allows a local attacker to execute code, cause a denial of service, or increase privileges on a non-updated system.

Read also: Cybercriminals use new JavaScript malware to attack ATMs

The vulnerability was rated 8.8 on the CVSS scale.

“The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. Сonsulting a security or IT professional to evaluate the risk to your specific configuration”, — stated NVIDIA specialists.

The exploitation of two dangerous vulnerabilities (CVE-2019-5684 and CVE-2019-5685) in DirectX drivers allows using a specially formed shader to access the boundaries of the texture array and access the local temporary array of shaders, respectively, in order to cause a denial of service or execute code.

NVIDIA strongly recommends updating your drivers as soon as possible to protect your systems from any level of risk. The low-risk scenario remains the risk scenario and should be mitigated to maintain the integrity of your systems.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *


Back to top button