NVIDIA Just Patched 5 Big GPU Driver Security Flaws, Update Now
If you have an NVIDIA GPU in your Windows rig – like the new Super family of GeForce RTX graphics cards -- now might be a good time to update your graphics driver to the latest version. NVIDIA has pushed out a new update for its graphics drivers that address a total of five security issues within Windows.
The least serve of the security issues is CVE‑2019‑5687, which involves taking advantage of the kernel mode layer handler (nvlddmkm.sys) for DxgkDdiEscape. It is possible to obtain improper permissions which can result in a denial of service attack.
The most sever exploit, with a CVSS V3 base score of 8.8, is CVE‑2019‑5683. According to NVIDIA, it involves a vulnerability in the video driver trace logger. An attacker could potentially gain access to a system using a hard link attack, which can then cascade to code execution and escalation of privileges (among other things).
The five security exploits ranging from medium to high risk and are listed below:
- CVE‑2019‑5683 (Base Score: 8.8)
- CVE‑2019‑5684 (Base Score: 7.8)
- CVE‑2019‑5685 (Base Score: 7.8)
- CVE‑2019‑5686 (Base Score: 5.6)
- CVE‑2019‑5687 (Base Score: 5.2)
According to NVIDIA, the "risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration."
To see the full list of security issues, along with detailed descriptions of how each can affect systems, check out the following NVIDIA link.
NVIDIA has made available updated drivers across its entire family of discrete graphics cards including GeForce, Quadro, and Tesla products. Four our audience however, you'll likely be most interested in the GeForce and Quadro drivers, which have been updated to Game Ready Driver 431.60 and Quadro Driver Release 431.70 respectively. You can download the drivers directly using this link.