Nvidia closes three vulnerabilities in GPU drivers for Windows

Spread the love

Nvidia has identified three vulnerabilities in its Windows drivers for GeForce, Quadro, and Tesla GPUs and has released fixes for the issues. By exploiting the vulnerabilities, an attacker can, among other things, increase his rights on affected systems.

Nvidia provides an explanation of the vulnerabilities found in its security bulletin for May. The most serious vulnerability is CVE‑2019‑5675. It relates to a kernel mode layer, which prevents shared data from syncing properly. This can be exploited, allowing attackers to denial of service, increase privileges, or obtain information on affected systems.

Vulnerability CVE‑2019‑5676 results from the GPU driver failing to load dll files correctly. Abuse of this vulnerability can also increase privileges on attacked systems. Less serious is CVE‑2019‑5677, which addresses potential abuse when reading from the memory buffer. A successful attack can lead to denial of service.

Nvidia has released driver updates for its GeForce, Quadro, and Tesla cards. As for the GeForce cards, for example, driver version 430.64 has appeared. All Windows drivers in the 430 series for this version are vulnerable.

You might also like