NVIDIA Patches Critical Security Flaws In GeForce Game Ready Drivers
There are two main trains of thought when it comes to updating drivers. One is to always install them right away to ensure you are protected from the latest threats, and that everything is working as intended. The second is to wait a bit to make sure there are not any unintended side effects, like sending your system into a reboot loop (it happens). If you prescribe to the latter philosophy and own a GeForce GPU, you may still want to go ahead and install the latest driver package rather than wait any longer.
NVIDIA began pushing out its GeForce 430.64 WHQL driver package last Thursday (May 9), which delivered 'Game Ready' optimizations for Rage 2, Total War: Three Kingdoms, and World War Z, along with a handful of bug fixes. In addition, however, the 430.64 driver package also brought with it mitigations for a few serious security flaws.
"NVIDIA has released a software security update for the NVIDIA GPU display driver. This update addresses issues that may lead to denial of service, escalation of privileges, code execution, or information disclosure. To protect your system, download and install this software update through NVIDIA Driver Downloads," NVIDIA states in a security bulletin.
The inclusion of security patches in the GPU driver went largely unnoticed at the time, but is gaining attention now. There are three specific mitigations. They include:
- CVE-2019-5675 (base score 7.7)
- CVE-2019-5676 (base score 7.2)
- CVE-2029-5677 (base score 5.6)
You can read about base scoring in this handy guide. The most serious of the three is CVE-2019-5675, a flaw that could lead to DoS attacks, and could give attackers escalation of privileges. Likewise, CVE-2019-5676 could also give attackers unnerving control of a system, while CVE-2019-5677 is another vulnerability that could be used to launch a DoS attack.
These flaws affect the entire R430 driver family before 430.64, for both consumer (GeForce) and professional (Quadro, NVS) graphics cards.
Incidentally, the 430.64 driver package also includes a fix for an issue that was introduced with the previous 430.39 driver release, which caused CPU usage to spike on some systems. So it was only recently that we were reminded why it is sometimes a good idea to wait a bit before updating a driver. In light of these security flaws, however, we highly recommend that GeForce owners go ahead and grab the 430.64 driver release at this point.
You can update your GPU driver through GeForce Experience, if you have it installed. Otherwise, head over to NVIDIA's driver page to grab the latest version.