[German]There are several serious vulnerabilities in the Nvidia GeForce Experience and GPU drivers that allow local attackers to increase privileges. Nvidia has provided a driver update.
Advertising
Security advisory November 7, 2019
In two security advisorie about the GeForce Experience driver and the GPU driver, the manufacturer warns of a number of vulnerabilities. These allow local escalation of privileges, but a remote attack is not possible.
GeForce Experience Driver Vulnerabilities
Below is a description of the vulnerabilities of the GeForce Experience driver:
Description | Base Score | |
CVE‑2019‑5701 | NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure or escalation of privileges through code execution. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A | 7.8 |
CVE‑2019‑5689 | NVIDIA GeForce Experience contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved.This behavior may lead to code execution, denial of service, or information disclosure. AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 6.7 |
CVE‑2019‑5695 | NVIDIA GeForce Experience contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.5 |
Affected are all GeForce Experience driver packages for Windows prior to the version
3.20.1 The update to version 3.20.1 fixes these vulnerabilities.
Geforce Experience driver update page with change log
NVIDIA GPU display driver vulnerabilities
Below is a description of the NVIDIA GPU display driver vulnerabilities:
Advertising
CVE | Description | Base Score |
CVE‑2019‑5690 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
7.8 |
CVE‑2019‑5691 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 |
CVE‑2019‑5692 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service. AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 |
CVE‑2019‑5693 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 |
CVE‑2019‑5694 | NVIDIA Windows GPU Display Driver contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access. AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.5 |
CVE‑2019‑5695 | NVIDIA Windows GPU Display Driver contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.5 |
CVE‑2019‑5696 | NVIDIA Virtual GPU Manager contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of service. AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
5.5 |
CVE‑2019‑5697 | NVIDIA Virtual GPU Manager contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
5.3 |
CVE‑2019‑5698 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input index value is incorrectly validated, which may lead to denial of service. AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | 5.1 |
Affected are all NVIDIA GPU display driver packages for Windows from the following table
CVEs Addressed | Software Product | Operating System | Affected Versions | Updated Versions |
---|---|---|---|---|
CVE‑2019‑5690 CVE‑2019‑5691 CVE‑2019‑5692 CVE‑2019‑5693 CVE‑2019‑5695 |
GeForce | Windows | All R440 versions prior to 441.12 | 441.12 |
Quadro, NVS | Windows | All R440 versions prior to 441.12 | 441.12 | |
All R430 versions | Available the week of November 18, 2019 | |||
All R418 versions | Available the week of November 18, 2019 | |||
Tesla | Windows | All R440 versions | Available the week of November 18, 2019 | |
All R418 versions | Available the week of November 18, 2019 | |||
CVE‑2019‑5690 CVE‑2019‑5691 CVE‑2019‑5692 CVE‑2019‑5693 CVE‑2019‑5694 CVE‑2019‑5695 |
Quadro, NVS | Windows | All R390 versions | Available the week of November 18, 2019 |
According to the table above, driver updates are not yet available for all products, the update is announced for November 18, 2019.
NVIDIA Driver Driver Update Page
The updated drivers should be provided via Auto-Update, but can also be downloaded from the update pages if available. (via)
Advertising