{"id":14877,"date":"2020-06-27T08:24:04","date_gmt":"2020-06-27T06:24:04","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14877"},"modified":"2020-06-27T08:24:04","modified_gmt":"2020-06-27T06:24:04","slug":"nvidia-patcht-schwachstellen-im-linux-windows-treiber","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/06\/27\/nvidia-patcht-schwachstellen-im-linux-windows-treiber\/","title":{"rendered":"nVidia patches vulnerabilities in Linux\/Windows drivers"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/06\/27\/nvidia-patcht-schwachstellen-im-linux-windows-treiber\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>] nVidia has just updated its Linux\/Windows drivers. The reason was, that there were twelfe serious vulnerabilities in old version of nVidia kernel mode drivers.<\/p>\n<p><!--more--><\/p>\n<p>I have come across this information on Twitter these days. The guys from Sophos are pointing out this security issue.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"de\" dir=\"ltr\">Patch Time. <a href=\"https:\/\/twitter.com\/hashtag\/Nvidia?src=hash&amp;ref_src=twsrc%5Etfw\">#Nvidia<\/a> schlie\u00dft L\u00fccken in seinem Kernel Driver f\u00fcr Windows und Linux. <a href=\"https:\/\/twitter.com\/hashtag\/Sicherheitsl%C3%BCcke?src=hash&amp;ref_src=twsrc%5Etfw\">#Sicherheitsl\u00fccke<\/a> <a href=\"https:\/\/t.co\/s7LDUe1YfQ\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/t.co\/s7LDUe1YfQ<\/a><\/p>\n<p>\u2014 Sophos IT-Sicherheit (@sophos_info) <a href=\"https:\/\/twitter.com\/sophos_info\/status\/1276396243477037056?ref_src=twsrc%5Etfw\">June 26, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The blog post <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/25\/patch-time-nvidia-fixes-kernel-driver-holes-on-windows-and-linux\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>, dated June 25, 2020, provides further information. There are serious vulnerabilities in older kernel drivers for Linux and Windows.&nbsp; <\/p>\n<p>NVIDIA has fixed 12 different CVE-tagged vulnerabilities with an updated driver, consecutively numbered from CVE-2020-5962 to CVE-2020-5973. However, the vendor has not yet released details of the vulnerabilities.<\/p>\n<p>As far as the people at Sophos know, none of the bugs can be remotely triggered, so these are not RCE vulnerabilities that have been closed. However, as is very common with kernel security flaws, they could allow attackers to carry out so-called information disclosure attacks or privilege escalation attacks.<\/p>\n<p>Because the kernel contains information about the entire system, including details such as which processes are allowed to access which locations, the ability to tinker around in the kernel is usually a privilege reserved for top-level system administrators.<\/p>\n<p>Kernel bugs that allow normal users to look into the protected memory areas of the kernel are therefore dangerous, as they can often be exploited by criminals to grant themselves permanent administrator privileges without knowing administrator passwords.<\/p>\n<p>Further details can be found in the Sophos blog linked above. The colleagues at Bleeping Computer have published more details about these vulnerabilities and the patches in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nvidia-patches-high-severity-flaws-in-windows-linux-drivers\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] nVidia has just updated its Linux\/Windows drivers. The reason was, that there were twelfe serious vulnerabilities in old version of nVidia kernel mode drivers.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[921,580,2],"tags":[536,784,69,1544,195,194],"class_list":["post-14877","post","type-post","status-publish","format-standard","hentry","category-linux","category-security","category-windows","tag-driver","tag-nvidia","tag-security","tag-software","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14877"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14877\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}